Google LLC has released a new emergency Chrome browser security update following the emergence of a new zero-day security vulnerability that is being exploited in the wild.

Tracked as CVE-2024-4947, the zero-day vulnerability is a “type confusion bug” in V8 in Google Chrome prior to version 125.0.6422.60 that allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. V8 is the JavaScript engine in Chrome and the vulnerability could allow an attacker to undertake unauthorized actions within the browser, potentially leading to further attacks.

The specific vulnerability was not the only one addressed in the release, with Google also patching Chome against eight other vulnerabilities. Among them was CVE-2024-4948, which allowed a remote attacker to potentially exploit heap corruption, a memory management error, via a crafted HTML page.

Google is advising users to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS and version 125.0.6422.60 for Linux to mitigate potential threats if their browsers are not set to automatically update. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to check for updates from their respective browser providers that address the same vulnerabilities found in Chrome.

Patrick Tiquet, vice president of security and architecture at cybersecurity company Keeper Security Inc., told SiliconANGLE that these high-security flaws are serious and should be patched immediately.

“With CVE-2024-4947 actively being exploited in the wild, remote attackers are able to execute arbitrary code on affected systems, potentially compromising them entirely and allowing for data theft, system manipulation, or further exploitation, making it critical for Chrome users to update their browsers as soon as possible,” Tiquet said.

Lionel Litty, chief security architect at cloud security startup Menlo Security Inc., said the need to patch Chrome “is a reflection of attackers continuing to focus on browsers in general and Chrome in particular as their most prized target.”

“An exploitable bug in Chrome often means the ability to target not only the vast numbers of Chrome users on desktop and Android, but also the users of Edge and other more niche browsers that are also based on Chromium,” Litty added.

Image: ChatGPT 4o