HomeRisk ManagementsGoogle resolves third actively exploited Chrome zero-day within one week - Source:...

Google resolves third actively exploited Chrome zero-day within one week – Source: www.bleepingcomputer.com

Published on

spot_img

Google has recently issued an emergency security update for Chrome in response to the discovery of a third zero-day vulnerability that has been exploited in attacks over the past week. The search giant acknowledged the existence of an exploit for CVE-2024-4947, a high-severity zero-day vulnerability caused by a type confusion weakness in the Chrome V8 JavaScript engine.

Typically, vulnerabilities like these could allow threat actors to initiate browser crashes by either reading or writing memory out of buffer bounds. However, they can also be exploited for arbitrary code execution on targeted devices. This latest zero-day flaw is one of three actively exploited Chrome vulnerabilities that have been patched this week. The other two vulnerabilities are CVE-2024-4671, which is a use-after-free flaw in the Visuals component, and CVE-2024-4761, an out-of-bounds write bug in the V8 JavaScript engine.

In response to these security concerns, Microsoft has also acknowledged the existence of these exploits in the wild and is actively working on releasing a security fix for the Chromium-based Edge web browser. Google has rolled out the fix for the zero-day vulnerability in Chrome through the release of versions 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. These updated versions will gradually be made available to all users in the Stable Desktop channel in the coming weeks.

Chrome users can ensure they have the latest version installed by checking for updates in the Chrome menu under ‘Help’ and then selecting ‘About Google Chrome’. If an update is available, users can click on the ‘Relaunch’ button to install it. The update was immediately accessible when BleepingComputer checked for new updates.

This latest zero-day vulnerability is the seventh such issue fixed by Google this year. The complete list of zero-days patched in 2024 includes CVE-2024-0519, CVE-2024-2887, CVE-2024-2886, CVE-2024-3159, CVE-2024-4671, and CVE-2024-4761, in addition to the most recent CVE-2024-4947. These vulnerabilities have been identified in different components of the Chrome browser, such as the V8 JavaScript engine, WebAssembly, WebCodecs API, and Visuals component.

While Google has confirmed that the CVE-2024-4947 vulnerability has been used in attacks, details about these incidents have not been publicly disclosed. The company stated that access to bug details and links may be restricted until a majority of users have been updated with a fix and if the bug exists in a third-party library that other projects depend on but have not yet fixed.

Overall, the rollout of this emergency security update aims to enhance the protection of Chrome users against potential threats and cyber attacks targeting these vulnerabilities. Users are encouraged to update their browsers promptly to ensure they are safeguarded against any potential exploits of these zero-day vulnerabilities.

Source link

Latest articles

Webinar: The Infrastructure Decisions Shaping the Next Five Years

Webinar Explores Infrastructure Decisions Shaping the Next Five Years In a recent webinar titled "The...

Blip – Free Cross-Platform File Sharing App

New File-Sharing Application 'Blip' Revolutionizes Device-to-Device Transfers A groundbreaking file-sharing application named Blip has emerged,...

Your Security Data May Be Going Places You Don’t Know Webinar

ISMG Registration Process: Empowering Users to Stay Informed In a significant move to engage users,...

Hackers Compromise C++ and C# Project Files to Distribute Multi-Stage Windows Backdoor

New Trojan Turns Visual Studio Projects into Software Supply Chain Attack Vectors In an alarming...

More like this

Webinar: The Infrastructure Decisions Shaping the Next Five Years

Webinar Explores Infrastructure Decisions Shaping the Next Five Years In a recent webinar titled "The...

Blip – Free Cross-Platform File Sharing App

New File-Sharing Application 'Blip' Revolutionizes Device-to-Device Transfers A groundbreaking file-sharing application named Blip has emerged,...

Your Security Data May Be Going Places You Don’t Know Webinar

ISMG Registration Process: Empowering Users to Stay Informed In a significant move to engage users,...