CVE-2024-4947: New Chrome 0-Day Vulnerability Under Active Exploitation
Google has issued an urgent security update for its Chrome web browser, responding to a newly discovered "zero-day" vulnerability that is actively being exploited by malicious actors. The flaw, tracked as CVE-2024-4947, can be triggered by a malicious or compromised web page and could allow an attacker to execute arbitrary code inside the browser's renderer process. On its own that exposes the data the browser handles; chained with a sandbox-escape bug, it can lead to compromise of the underlying device.
The vulnerability is a type confusion bug in Chrome's V8 JavaScript engine, the component that compiles and runs the JavaScript behind web applications and websites. In a type confusion bug the engine operates on a value as though it were an object of one type when memory actually holds an object of another type, so field offsets and lengths are interpreted against the wrong layout. That typically yields out-of-bounds reads and writes, which is why this class of V8 bug is a common first stage in browser exploit chains.
Security researchers Vasily Berdnikov and Boris Larin of Kaspersky discovered the flaw and reported it to Google on May 13, 2024. Google's advisory states that it is aware of an exploit for CVE-2024-4947 existing in the wild, but, as is usual for Chrome releases, technical details and bug tracker access remain restricted until a majority of users have updated.
In addition to addressing the zero-day vulnerability, Google also patched three other externally reported high-severity flaws in the same release:
- CVE-2024-4948: Use after free in Dawn (Chrome's WebGPU implementation)
- CVE-2024-4949: Use after free in V8
- CVE-2024-4950: Inappropriate implementation in Downloads
Users should update to Chrome 125.0.6422.60 for Linux and 125.0.6422.60/.61 for Windows and Mac; any build at or above these versions contains the fixes. Builds from the 124 line and earlier remain vulnerable.
Updating Chrome is a straightforward process:
- Click the three vertical dots in the upper right corner of the browser window.
- Go to “Help” > “About Google Chrome.”
- Chrome will automatically check for and install the latest version. Click "Relaunch" when prompted, since the update does not take effect until the browser restarts, and confirm that the version shown on the About page is 125.0.6422.60 or later.
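Clicking through the About page works for one machine; for a fleet you want a repeatable check. The script below is an added example, not code from the original article or from Google: it parses the four-part Chrome version out of `--version` output or inventory strings and compares it numerically against the fixed build. The inventory lines are constructed for illustration, and the `installed_chrome_version` helper is a best-effort lookup that only covers Linux and macOS installs that are on `PATH`.

```python
"""Check whether a Chrome build is at or past the version fixing CVE-2024-4947.

Added example; not part of the original article. The fixed build numbers are
the ones stated in the Chrome 125 stable release announcement. The inventory
data at the bottom is constructed for illustration.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Windows and Mac shipped 125.0.6422.60 and .61, Linux shipped .60; all of
# them contain the fix, so .60 is the floor on every platform.
FIXED_VERSION: Version = (125, 0, 6422, 60)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[Version]:
    """Extract the four-part version from strings such as
    'Google Chrome 125.0.6422.60' or 'Chromium 124.0.6367.207 snap'.
    Returns None when no version is present."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    major, minor, build, patch = (int(part) for part in match.groups())
    return (major, minor, build, patch)


def is_patched(version_text: str, fixed: Version = FIXED_VERSION) -> bool:
    """True if the version is at or above the fixed build.

    The comparison is done on integer tuples on purpose: a plain string
    comparison ranks '125.0.6422.9' above '125.0.6422.60' and would mark a
    vulnerable build as patched."""
    parsed = parse_chrome_version(version_text)
    if parsed is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    return parsed >= fixed


def installed_chrome_version() -> Optional[str]:
    """Best-effort local lookup (Linux, or macOS with the binary on PATH):
    ask the first known Chrome/Chromium binary for its version string.
    Returns the raw output, or None if no binary is found. Windows installs
    would need a registry or file-metadata lookup instead (not implemented)."""
    for name in ("google-chrome", "google-chrome-stable",
                 "chromium", "chromium-browser"):
        path = shutil.which(name)
        if path:
            result = subprocess.run([path, "--version"], capture_output=True,
                                    text=True, check=False)
            return result.stdout.strip()
    return None


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, output of `chrome --version`).
    inventory = [
        ("web-01", "Google Chrome 124.0.6367.207"),
        ("web-02", "Google Chrome 125.0.6422.60"),
        ("mac-03", "Google Chrome 125.0.6422.61"),
        ("dev-04", "Chromium 125.0.6422.76 Built on Ubuntu"),
    ]
    for host, line in inventory:
        state = "patched" if is_patched(line) else "VULNERABLE"
        print(f"{host}: {line} -> {state}")

    local = installed_chrome_version()
    if local:
        state = "patched" if is_patched(local) else "VULNERABLE"
        print(f"local: {local} -> {state}")
```

The numeric tuple comparison is the part that matters: inventory tools that compare version strings lexically will misclassify builds once the patch component crosses from one digit to two, which is exactly the range around the .60/.61 fixed builds.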
Furthermore, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply updates as soon as their vendors ship them, since these browsers embed the same V8 engine. Their version numbers do not track Chrome's, so check the vendor's release notes for the build that includes the CVE-2024-4947 fix rather than comparing against the Chrome version above.