PoC Exploit Surfaces for Google Chrome Zero-Day Vulnerability CVE-2024-4947

May 20, 2024

A proof-of-concept (PoC) exploit for a recently resolved zero-day vulnerability in Google Chrome, known as CVE-2024-4947, has been made public. This development underscores the importance of users promptly updating their browsers to the latest versions.

Google last week released a critical security update for Chrome to rectify a high-severity zero-day vulnerability that was being actively exploited. The issue originates from a type confusion weakness in Chrome's V8 JavaScript engine. The flaw was identified by Kaspersky researchers Vasily Berdnikov and Boris Larin.

Google acknowledged the existence of an exploit for CVE-2024-4947 in an advisory, emphasizing the severity of this vulnerability. Type confusion vulnerabilities typically give threat actors the ability to read or write memory beyond buffer boundaries, which can cause browser crashes or, more worryingly, allow arbitrary code execution on the targeted devices. The active exploitation of this vulnerability in targeted attacks highlights the importance of this security update.

Security researchers @buptsb and @mistymntncop carried out an in-depth technical analysis and published a proof-of-concept (PoC) for CVE-2024-4947. According to their analysis, the root cause of the flaw is V8's incorrect AccessInfo for module namespace objects, which results in type confusion in Maglev. This mistake enables out-of-bounds read and write operations within the sandboxed environment, posing a significant security threat.

In response to this serious threat, Google promptly released Chrome versions 125.0.6422.60/.61 for Mac and Windows, and 125.0.6422.60 for Linux. These updates will be distributed to all users on the Stable Desktop channel in the upcoming weeks. Users of Chrome are strongly advised to ensure their browsers are updated to the latest version to reduce the risk associated with this vulnerability.
