Another Google Chrome zero-day vulnerability is being exploited in the wild, the tech giant has disclosed — the third such bug revealed in just a week.

Google has pushed an emergency fix for the high-severity flaw (CVE-2024-4947) with version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. According to the bug advisory, it’s a type-confusion weakness in the open source Chrome V8 JavaScript engine. While Google didn’t detail the types of attacks that are underway using the exploit, these types of bugs can lead to browser crashes and, in some cases, code execution.

“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” according to the advisory, released May 15.

The bug also affects Chromium-based browsers such as Microsoft Edge; Microsoft said that it’s working on a fix.

This is the third zero-day that Google has patched in the last week, following the disclosure of CVE-2024-4761 (an out-of-bounds write vulnerability in V8 that has exploit code publicly available) and CVE-2024-4671 (a use-after-free flaw in the Visuals component that’s under active exploit); both allow sandbox escape.





Source link