Google Responds to Third Chrome Zero-Day Exploit in a Week

May 15, 2024

Google has launched an emergency security update to tackle the third zero-day vulnerability that has been exploited within a week. The company acknowledged the existence of an exploit for CVE-2024-4947 in a security advisory published on Wednesday. The zero-day flaw has been rectified with the release of versions 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. These updated versions will be progressively rolled out to all users on the Stable Desktop channel in the coming weeks.

Chrome updates automatically when security patches are available, but users can manually confirm they have the latest version by navigating to Chrome menu > Help > About Google Chrome. Once the update has finished downloading, clicking the 'Relaunch' button installs it. The update was available immediately on checking for new updates.
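For administrators who need to run the same check across many machines, the sketch below (an added example, not from Google's advisory) compares inventoried Chrome versions against the fixed builds named above. The `host,platform,version` inventory format, the hostnames and the status labels are assumptions, and 125.0.6422.60 is used as the floor on every platform because it is the lower of the two Mac/Windows builds listed.

```python
import re

# Fixed builds named in the article. Assumption: .60 is the floor everywhere,
# since it is the lower of the two builds listed for Mac/Windows.
FIXED = {
    "windows": (125, 0, 6422, 60),
    "mac": (125, 0, 6422, 60),
    "linux": (125, 0, 6422, 60),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    floor = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # unlisted platform or unparsable version: review by hand
    # Tuples compare numerically, so build .9 sorts below .60
    # (a plain string comparison would get this wrong).
    return "patched" if version >= floor else "needs_update"


def audit(inventory_csv):
    """Map each host to its status from 'host,platform,version' lines."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        parts = [field.strip() for field in line.split(",", 2)]
        if len(parts) == 3:
            results[parts[0]] = classify(parts[1], parts[2])
    return results


# Constructed sample inventory; hostnames and rows are made up for illustration.
SAMPLE = """
ws-001,Windows,125.0.6422.61
mb-014,Mac,Google Chrome 124.0.6367.208
lx-203,Linux,Google Chrome 125.0.6422.60
ws-077,Windows,125.0.6422.9
kiosk-3,ChromeOS,125.0.6422.60
lx-900,Linux,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows marked `unknown` are deliberately not counted as patched, so platforms the article does not cover and hosts with unreadable version strings surface for manual follow-up.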

The high-risk zero-day vulnerability, CVE-2024-4947, is a result of a type confusion weakness in Chrome's V8 JavaScript engine, as reported by Kaspersky's Vasily Berdnikov and Boris Larin. Typically, such vulnerabilities allow threat actors to induce browser crashes by reading or writing memory outside of buffer bounds, but they can also be exploited for arbitrary code execution on targeted devices.

Google has confirmed that the CVE-2024-4947 bug was exploited in attacks, but the company has not yet provided additional details about these incidents. Google stated, 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.'

This most recent vulnerability in Chrome is the seventh zero-day to be addressed in the Google web browser since the beginning of the year, contributing to the list of zero-days patched in 2024.
