pwshub.com

Google issues emergency Chrome update to patch critical new vulnerability - SiliconANGLE

Google LLC has released a new emergency Chrome browser security update following the emergence of a new zero-day security vulnerability that is being exploited in the wild.

Tracked as CVE-2024-4947, the zero-day vulnerability is a “type confusion bug” in V8 in Google Chrome prior to version 125.0.6422.60 that allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. V8 is the JavaScript engine in Chrome and the vulnerability could allow an attacker to undertake unauthorized actions within the browser, potentially leading to further attacks.

The specific vulnerability was not the only one addressed in the release, with Google also patching Chrome against eight other vulnerabilities. Among them was CVE-2024-4948, which allowed a remote attacker to potentially exploit heap corruption, a memory management error, via a crafted HTML page.

Google is advising users to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS and version 125.0.6422.60 for Linux to mitigate potential threats if their browsers are not set to automatically update. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to check for updates from their respective browser providers that address the same vulnerabilities found in Chrome.
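The version guidance above can be turned into a fleet check. The following is an added example, not part of the original article or any Google tooling; the inventory rows, host names and the `classify`/`audit` helpers are constructed for illustration, and it assumes version strings in the form that a browser's `--version` output reports.

```python
import re

# Fixed build stated in the article for Windows, macOS and Linux.
FIXED = (125, 0, 6422, 60)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the four-part build number from `--version` style output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version_text):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # The article gives build numbers for Google Chrome only. Other
    # Chromium-based browsers number their releases differently, so
    # their status has to come from the respective vendor.
    if product.lower() not in ("google chrome", "chrome"):
        return "check-vendor"
    # Tuple comparison is numeric per component: .9 sorts below .60,
    # which a plain string comparison would get wrong.
    return "patched" if version >= FIXED else "vulnerable"

# Constructed inventory rows: (host, product, reported version string).
INVENTORY = [
    ("ws-001", "Google Chrome", "Google Chrome 125.0.6422.61"),
    ("ws-002", "Google Chrome", "Google Chrome 124.0.6367.207"),
    ("ws-003", "Google Chrome", "Google Chrome 125.0.6422.9"),
    ("ws-004", "Microsoft Edge", "Microsoft Edge 124.0.2478.97"),
    ("ws-005", "Google Chrome", "version unavailable"),
]

def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(product, text) for host, product, text in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` or `check-vendor` still need follow-up; the script only confirms status where the article's Chrome build number applies.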

Patrick Tiquet, vice president of security and architecture at cybersecurity company Keeper Security Inc., told SiliconANGLE that these high-security flaws are serious and should be patched immediately.

“With CVE-2024-4947 actively being exploited in the wild, remote attackers are able to execute arbitrary code on affected systems, potentially compromising them entirely and allowing for data theft, system manipulation, or further exploitation, making it critical for Chrome users to update their browsers as soon as possible,” Tiquet said.

Lionel Litty, chief security architect at cloud security startup Menlo Security Inc., said the need to patch Chrome “is a reflection of attackers continuing to focus on browsers in general and Chrome in particular as their most prized target.”

“An exploitable bug in Chrome often means the ability to target not only the vast numbers of Chrome users on desktop and Android, but also the users of Edge and other more niche browsers that are also based on Chromium,” Litty added.
