Google patches third exploited Chrome zero-day in a week

Google patches third exploited Chrome zero-day in a week

May 15, 2024 at 06:43PM

Google released a new emergency Chrome security update to address a third zero-day vulnerability (CVE-2024-4947) exploited in attacks. This high-severity flaw was fixed with the release of version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. This is the seventh actively exploited zero-day patched in 2024. Users can ensure they are running the latest version through Chrome menu > Help > About Google Chrome.

Based on the meeting notes, the key takeaways for the new emergency Chrome security update are as follows:

– Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within the week.
– The vulnerability is identified as CVE-2024-4947 and is related to a type confusion weakness in the Chrome V8 JavaScript engine.
– The update has been released for Mac, Windows, and Linux with the versions 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. The update will roll out to all users in the Stable Desktop channel over the coming weeks.
– Users can confirm they are running the latest version by going to Chrome menu > Help > About Google Chrome and then clicking on the ‘Relaunch’ button to install the update.
– It has been confirmed that the high-severity zero-day vulnerability (CVE-2024-4947) was actively exploited in attacks.
– Additionally, this is the seventh actively exploited zero-day patched in the Google web browser since the start of the year.

Let me know if you need anything else!

Full Article