Patch Now: Another Google Zero-Day Under Exploit in the Wild

May 16, 2024 at 08:57AM

A new zero-day vulnerability has been disclosed for Google Chrome, marking the third such bug revealed within a week. Google has released an emergency fix for the high-severity flaw (CVE-2024-4947) affecting Mac, Windows, and Linux. This type-confusion weakness in the Chrome V8 JavaScript engine can lead to browser crashes and potential code execution. The bug also impacts Chromium-based browsers like Microsoft Edge.

Key takeaways:

1. Google has disclosed a third zero-day vulnerability in Google Chrome, tracked as CVE-2024-4947. This high-severity flaw has been addressed with an emergency fix in version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. The vulnerability resides in the open-source Chrome V8 JavaScript engine and could potentially lead to browser crashes and code execution.

2. The advisory released on May 15 confirms that an exploit for CVE-2024-4947 exists in the wild.

3. The bug also impacts Chromium-based browsers such as Microsoft Edge. Microsoft has stated that it is actively working on a fix for this issue.

4. Notably, this is the third zero-day vulnerability that Google has patched within the last week, following CVE-2024-4761 and CVE-2024-4671, both of which allow sandbox escape and have publicly available exploit code.
