May 16, 2024 – Google released an urgent security update for its Chrome browser on Wednesday, addressing a critical vulnerability tracked as CVE-2024-4947. It is the third zero-day vulnerability discovered and exploited in the past seven days, and the seventh such vulnerability identified this year.
Google has pushed out versions 125.0.6422.60/.61 for Mac and Windows and version 125.0.6422.60 for Linux. The company aims to complete the rollout of these updates over the next few weeks.
Users eager to apply the patch immediately can manually check for updates by navigating to the Chrome menu, selecting Help, and then clicking on “About Google Chrome” to initiate a browser check for updates. Once the update is installed, a restart of the browser is required to activate the changes.
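For a fleet rather than a single browser, the same check can be run against inventory data. The script below is an added example, not part of the original article or any Google tooling; the host names and inventory rows are constructed, and the version floor is the 125.0.6422.60 build quoted above.

```python
import re

# Lowest fixed build per platform, taken from the versions quoted in the article.
FIXED = {
    "windows": (125, 0, 6422, 60),
    "mac": (125, 0, 6422, 60),
    "linux": (125, 0, 6422, 60),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    floor = FIXED.get(platform.strip().lower())
    version = parse_version(reported)
    if floor is None or version is None:
        return "unknown"  # missing data is never treated as safe
    # Tuples compare numerically, so build .9 sorts below .60 (a string compare would not).
    return "patched" if version >= floor else "vulnerable"


def audit(rows):
    """Map host -> status for (host, platform, reported_version) rows."""
    return {host: classify(platform, reported) for host, platform, reported in rows}


# Constructed inventory rows (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "Windows", "125.0.6422.61"),
    ("ws-002", "Windows", "124.0.6000.10"),
    ("mac-01", "mac", "Google Chrome 125.0.6422.60"),
    ("lnx-01", "linux", "Google Chrome 125.0.6422.9 "),
    ("lnx-02", "linux", ""),
    ("cb-01", "chromeos", "125.0.6422.60"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable` or `unknown` are the ones to follow up on; a host only counts as patched once the browser has been restarted after the update.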
According to reports, CVE-2024-4947 is a high-risk zero-day vulnerability discovered by Vasily Berdnikov and Boris Larin from Kaspersky. The flaw exists within the Chrome V8 JavaScript engine and stems from a type confusion weakness.
Vulnerabilities of this nature can potentially allow attackers to read or write beyond the boundaries of a buffer, which may result in a browser crash. More dangerously, they could also enable attackers to execute arbitrary code on the targeted device.
Google has confirmed that the CVE-2024-4947 vulnerability has been exploited in attacks, although the company has not yet shared further details about these incidents.