UPDATED 20:09 EDT / MAY 16 2024

SECURITY

Google issues emergency Chrome update to patch critical new vulnerability

Google LLC has released a new emergency Chrome browser security update following the emergence of a new zero-day security vulnerability that is being exploited in the wild.

Tracked as CVE-2024-4947, the zero-day vulnerability is a “type confusion bug” in V8 in Google Chrome prior to version 125.0.6422.60 that allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. V8 is the JavaScript engine in Chrome and the vulnerability could allow an attacker to undertake unauthorized actions within the browser, potentially leading to further attacks.

The specific vulnerability was not the only one addressed in the release, with Google also patching Chrome against eight other vulnerabilities. Among them was CVE-2024-4948, which allowed a remote attacker to potentially exploit heap corruption, a memory management error, via a crafted HTML page.

Google is advising users to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS and version 125.0.6422.60 for Linux to mitigate potential threats if their browsers are not set to automatically update. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to check for updates from their respective browser providers that address the same vulnerabilities found in Chrome.
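For administrators checking a fleet against the fixed build named above, the following is an added example and not part of the original article or Google's advisory. It assumes a hypothetical inventory of (host, browser, version) rows, compares Chrome versions numerically against 125.0.6422.60, and routes other Chromium-based browsers to a vendor check because their version numbers follow each vendor's own scheme.

```python
import re

# Fixed build named in the article: Chrome 125.0.6422.60
# (Windows and macOS may also report .61).
FIXED = (125, 0, 6422, 60)

# Chromium-based browsers the article lists. Their version numbers follow each
# vendor's own scheme, so they are flagged for a vendor check, not compared.
OTHER_CHROMIUM = {"edge", "brave", "opera", "vivaldi"}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted 4-part version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(browser, version):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unknown'."""
    name = browser.strip().lower()
    if name in OTHER_CHROMIUM:
        return "check-vendor"
    if name != "chrome":
        return "unknown"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # truncated or malformed version: do not guess
    # Tuple comparison is numeric per component, so .9 sorts below .60
    # (a plain string comparison would get this wrong).
    return "patched" if parsed >= FIXED else "vulnerable"

# Constructed inventory rows (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY = [
    ("ws-001", "Chrome", "125.0.6422.61"),
    ("ws-002", "Chrome", "124.0.6000.100"),
    ("ws-003", "Chrome", "125.0.6422.9"),
    ("ws-004", "Edge", "124.0.2000.50"),
    ("ws-005", "Chrome", "125.0.6422"),
]

def audit(rows):
    """Map each host to its classification."""
    return {host: classify(browser, version) for host, browser, version in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```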

Patrick Tiquet, vice president of security and architecture at cybersecurity company Keeper Security Inc., told SiliconANGLE that these high-security flaws are serious and should be patched immediately.

“With CVE-2024-4947 actively being exploited in the wild, remote attackers are able to execute arbitrary code on affected systems, potentially compromising them entirely and allowing for data theft, system manipulation, or further exploitation, making it critical for Chrome users to update their browsers as soon as possible,” Tiquet said.

Lionel Litty, chief security architect at cloud security startup Menlo Security Inc., said the need to patch Chrome “is a reflection of attackers continuing to focus on browsers in general and Chrome in particular as their most prized target.”

“An exploitable bug in Chrome often means the ability to target not only the vast numbers of Chrome users on desktop and Android, but also the users of Edge and other more niche browsers that are also based on Chromium,” Litty added.
