
Google has resolved nine security flaws in its Chrome browser, including a critical zero-day vulnerability that has been actively exploited.

This vulnerability, tracked as CVE-2024-4947, is a type confusion error in V8, Chrome's JavaScript and WebAssembly engine. Kaspersky researchers Vasily Berdnikov and Boris Larin reported it on May 13, 2024.


Type confusion vulnerabilities occur when a piece of software attempts to handle data that is not compatible with the expected type. This can have severe consequences, as it provides malicious actors with the ability to execute arbitrary code, access memory outside of intended bounds, and potentially cause the application to crash. Such vulnerabilities are particularly dangerous because they can be exploited to take complete control of an affected system.

Following CVE-2024-4671 and CVE-2024-4761, this development marks the third zero-day vulnerability that Google has patched in less than a week.

As is customary, further details about the attacks have not been disclosed and are kept confidential to prevent further exploitation. Google has confirmed, ‘An exploit for CVE-2024-4947 exists in the wild.’

Since the beginning of the year, Google has addressed seven zero-day vulnerabilities in Chrome, including CVE-2024-4947. The other six are:

  • CVE-2024-0519: Out-of-bounds memory access in V8
  • CVE-2024-2886: Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
  • CVE-2024-2887: Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
  • CVE-2024-3159: Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
  • CVE-2024-4671: Use-after-free in Visuals
  • CVE-2024-4761: Out-of-bounds write in V8

To minimize potential risks, users are advised to update to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux.

Additionally, users of Chromium-based browsers such as Vivaldi, Microsoft Edge, Brave, and Opera are recommended to apply these updates as soon as they become available.
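The version check implied by the update advice above, as an added example that is not part of the original article: it compares Chrome versions from an asset inventory against the fixed builds named here. The inventory rows, host names and status labels are constructed for illustration.

```python
import re

# Fixed Chrome builds as given in the article, per platform.
FIXED = {
    "windows": (125, 0, 6422, 60),
    "macos": (125, 0, 6422, 60),
    "linux": (125, 0, 6422, 60),
}

def parse_version(text):
    """Extract a four-part version such as 124.0.6367.207 as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in m.groups()) if m else None

def triage(inventory):
    """Map each host to patched / vulnerable / check-vendor / unknown."""
    result = {}
    for host, platform, browser, raw_version in inventory:
        version = parse_version(raw_version)
        if browser.lower() != "chrome":
            # Chromium-based browsers ship their own build numbers, so the
            # Chrome thresholds do not apply; follow the vendor's release notes.
            result[host] = "check-vendor"
        elif version is None or platform not in FIXED:
            result[host] = "unknown"
        elif version < FIXED[platform]:
            # Tuple comparison is numeric per field; comparing the raw strings
            # would wrongly rank "125.0.6422.9" above "125.0.6422.60".
            result[host] = "vulnerable"
        else:
            result[host] = "patched"
    return result

# Constructed sample inventory: (host, platform, browser, reported version string).
SAMPLE = [
    ("ws-001", "windows", "Chrome", "Google Chrome 125.0.6422.61"),
    ("ws-002", "windows", "Chrome", "124.0.6367.207"),
    ("mac-01", "macos", "Chrome", "125.0.6422.9"),
    ("lnx-01", "linux", "Chrome", "Google Chrome 125.0.6422.60"),
    ("ws-003", "windows", "Edge", "124.0.2478.97"),
    ("lnx-02", "linux", "Chrome", "version not reported"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```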
