This is the third zero gap in a week. How many more errors will be detected?
Google released updates to address nine vulnerabilities in the Chrome browser, including a new zero-day vulnerability that is actively used by attackers. The vulnerability was identified as CVE-2024-4947 and is related to the Type Confusion error in the V8 JavaScript engine and WebAssembly.
The bug was discovered by Kaspersky Lab researchers Vasily Berdnikov and Boris Larin on May 13, 2024. Type Confusion vulnerabilities occur when a program tries to access a resource with an incompatible type. This can lead to serious consequences, such as Memory Out-of-bounds, crashes, and arbitrary code execution.
This incident was the third zero-day vulnerability patched by Google in the past week, following CVE-2024-4671 and CVE-2024-4761. Additional details about the attacks were not disclosed to prevent further exploitation of the vulnerability, but the company says it is aware of the existence and use of an exploit for CVE-2024-4947 in the wild nature Conservation (ITW).
Taking into account CVE-2024-4947, Google has already fixed seven zero-day vulnerabilities in Chrome since the beginning of the year:
Chrome users are advised to upgrade to version 125.0.6422.60/.61 to reduce potential threats. At the same time, users of other Chromium — based browsers, such as Edge, Brave, Opera, and Vivaldi, should apply the updates as soon as they become available.
Google released updates to address nine vulnerabilities in the Chrome browser, including a new zero-day vulnerability that is actively used by attackers. The vulnerability was identified as CVE-2024-4947 and is related to the Type Confusion error in the V8 JavaScript engine and WebAssembly.
The bug was discovered by Kaspersky Lab researchers Vasily Berdnikov and Boris Larin on May 13, 2024. Type Confusion vulnerabilities occur when a program tries to access a resource with an incompatible type. This can lead to serious consequences, such as Memory Out-of-bounds, crashes, and arbitrary code execution.
This incident was the third zero-day vulnerability patched by Google in the past week, following CVE-2024-4671 and CVE-2024-4761. Additional details about the attacks were not disclosed to prevent further exploitation of the vulnerability, but the company says it is aware of the existence and use of an exploit for CVE-2024-4947 in the wild nature Conservation (ITW).
Taking into account CVE-2024-4947, Google has already fixed seven zero-day vulnerabilities in Chrome since the beginning of the year:
- CVE-2024-0519 — going beyond the boundaries of the memory array in V8;
- CVE-2024-2886 — Use-After-Free в WebCodecs;
- CVE-2024-2887 — confusion type error in WebAssembly;
- CVE-2024-3159 — going beyond the boundaries of the memory array in V8;
- CVE-2024-4671 — Use-After-Free в Visuals;
- CVE-2024-4761 — write outside the array boundaries in V8.
Chrome users are advised to upgrade to version 125.0.6422.60/.61 to reduce potential threats. At the same time, users of other Chromium — based browsers, such as Edge, Brave, Opera, and Vivaldi, should apply the updates as soon as they become available.
