Third Chrome Zero-Day Patched by Google Within One Week

May 16, 2024 at 05:09AM

Google released Chrome 125 with patches for nine vulnerabilities, including high-severity bugs CVE-2024-4947 and CVE-2024-4948. Exploitation of CVE-2024-4947 could allow remote code execution, and Google acknowledged its exploitation in the wild. Updates are advised due to recent zero-day vulnerabilities. Bug bounty details have not been disclosed.

From the meeting notes, it’s clear that Google has released Chrome 125 to address nine vulnerabilities, four of which were reported by external researchers. The most important bug resolved in this release is CVE-2024-4947, a high-severity type confusion flaw in the V8 JavaScript engine that has already been exploited. Google confirmed the existence of an exploit for this vulnerability in the wild and highlighted its potential impact.

Additionally, Chrome 125 resolves other high, medium, and low-severity vulnerabilities, with bug bounty rewards of $7,000 and $1,000 for two of these issues. The version is now rolling out for Linux, Windows, and macOS, and users are advised to update their browsers as soon as possible, especially due to the severity of CVE-2024-4947. Furthermore, it’s noted that this is the fourth Chrome zero-day vulnerability of 2024 to have been exploited in the wild and the seventh zero-day addressed in the browser this year.

The meeting notes also provide related information about previous vulnerabilities patched by Google and the outcomes of bug bounty rewards. These details should be carefully considered for any further actions or communications related to these vulnerabilities.
