Highlights:
- Google patched Chrome against eight more vulnerabilities in addition to the one mentioned in the release, which only addressed the specific one.
- It is also recommended that users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, look for updates from the companies that make those browsers that fix the same vulnerabilities present in Chrome.
Google issued a security update for the Chrome browser with the utmost emergency after spotting the latest zero-day security vulnerability being compromised.
The zero-day vulnerability, identified as CVE-2024-4947, is a “type confusion bug” in Google Chrome V8 before version 125.0.6422.60 that gave a remote attacker the ability to run arbitrary code inside a sandbox by using a specially created HTML page. The Chrome browser’s JavaScript engine, V8, has a vulnerability that might enable an attacker to carry out unauthorized actions inside the browser and perhaps lead to more attacks.
Google patched Chrome against eight more vulnerabilities in addition to the one mentioned in the release, which only addressed the specific one. One of these, CVE-2024-4948, allowed a remote attacker the ability to use a crafted HTML page to potentially exploit heap corruption, a memory management problem.
If users’ browsers are not configured to update automatically, Google is encouraging them to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS and version 125.0.6422.60 for Linux to mitigate potential dangers. It is also recommended that users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, look for updates from the companies that make those browsers that fix the same vulnerabilities that are present in Chrome.
Patrick Tiquet, Vice President of security and architecture at cybersecurity startup Keeper Security Inc., reported that these high-security vulnerabilities are critical and ought to be fixed right away.
“With CVE-2024-4947 actively being exploited in the wild, remote attackers are able to execute arbitrary code on affected systems, potentially compromising them entirely and allowing for data theft, system manipulation, or further exploitation, making it critical for Chrome users to update their browsers as soon as possible,” Tiquet added.
Lionel Litty, Chief Security Architect at cloud security startup Menlo Security Inc., stated the requirement to patch Chrome “is a reflection of attackers continuing to focus on browsers in general and Chrome in particular as their most prized target.”
“An exploitable bug in Chrome often means the ability to target not only the vast numbers of Chrome users on desktop and Android but also the users of Edge and other more niche browsers that are also based on Chromium,” added Litty.