May 16, 2024 – Google released an urgent security update for its Chrome browser this Wednesday, addressing a critical vulnerability tracked as CVE-2024-4947. This is the third zero-day vulnerability discovered and exploited in the past seven days, and the seventh such vulnerability identified this year.
The tech giant has pushed out updates versioned 125.0.6422.60/.61 for Mac and Windows platforms, while Linux users received version 125.0.6422.60. The company aims to complete the rollout of these updates over the next few weeks.
![](https://www.itbear.com/wp-content/uploads/2024/05/image-63.png)
Users eager to apply the patch immediately can manually check for updates by navigating to the Chrome menu, selecting Help, and then clicking on “About Google Chrome” to initiate a browser check for updates. Once the update is installed, a restart of the browser is required to activate the changes.
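An added example (not from the article or from Google): a fleet check against the fixed builds listed above that also separates hosts where the update is installed but the browser has not yet restarted, since the fix is only active after a restart. The inventory, host names, older version strings and the `installed`/`running` fields are constructed assumptions.

```python
# First patched build per platform, as stated in the article.
FIXED = {"windows": "125.0.6422.60", "mac": "125.0.6422.60", "linux": "125.0.6422.60"}


def parse(version):
    """Turn '125.0.6422.60' into (125, 0, 6422, 60) so builds compare numerically."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version: {version!r}")
    return tuple(int(p) for p in parts)


def classify(host):
    """Return 'patched', 'restart-pending', 'vulnerable' or 'unknown' for one host."""
    try:
        fixed = parse(FIXED[host["platform"]])
        installed = parse(host["installed"])
        running = parse(host["running"])
    except (KeyError, ValueError):
        return "unknown"
    if running >= fixed:
        return "patched"
    # The update is on disk but the old build is still the live process:
    # the fix does not take effect until the browser restarts.
    if installed >= fixed:
        return "restart-pending"
    return "vulnerable"


# Constructed inventory (hypothetical hosts; older versions are made-up sample values).
INVENTORY = [
    {"host": "wks-01", "platform": "windows", "installed": "125.0.6422.61", "running": "125.0.6422.61"},
    {"host": "wks-02", "platform": "mac", "installed": "125.0.6422.60", "running": "124.0.6000.10"},
    {"host": "srv-03", "platform": "linux", "installed": "124.0.6000.10", "running": "124.0.6000.10"},
    {"host": "wks-04", "platform": "windows", "installed": "125.0.6422.9", "running": "125.0.6422.9"},
    {"host": "wks-05", "platform": "windows", "installed": "n/a", "running": "n/a"},
]


def audit(inventory):
    """Map each host name to its patch status."""
    return {h["host"]: classify(h) for h in inventory}


if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name}: {status}")
```

Host `wks-04` shows why the comparison must be numeric: as plain strings, `125.0.6422.9` sorts after `125.0.6422.60` and would be reported as patched.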
According to reports, CVE-2024-4947 is a high-risk zero-day vulnerability discovered by Vasily Berdnikov and Boris Larin from Kaspersky. The flaw exists within the Chrome V8 JavaScript engine and stems from a type confusion weakness.
Vulnerabilities of this nature can allow attackers to read or write beyond the boundaries of a buffer, which may crash the browser. More dangerously, they could also enable attackers to execute arbitrary code on the targeted device.
Google has confirmed that the CVE-2024-4947 vulnerability has been exploited in attacks, although the company has not yet shared further details about these incidents.