Remote Code Execution in Chrome's V8 Prior to 125.0.6422.60
Key Information
- Vendor
- Status
- Chrome
- Vendor
- CVE Published: 15 May 2024
Summary
CVE-2024-4947 is a type confusion weakness in the Chrome V8 JavaScript engine that allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Google has rolled out an emergency patch for the high-severity flaw, as it has been exploited in the wild. The bug also affects Chromium-based browsers such as Microsoft Edge, and Microsoft is working on a fix. This is the third zero-day vulnerability that Google has patched in the last week. Users should update their Chrome browser to version 125.0.6422.60 to address this vulnerability and prevent potential attacks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-4947 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome < 125.0.6422.60
News Articles
Google fixes eighth actively exploited Chrome zero-day this year
Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in Chrome browser.
4 months ago
Week in review: New Black Basta's social engineering campaign, passing the CISSP exam in 6 weeks - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Basta target orgs with new social engineering
4 months ago
Google patches 3rd Chrome browser zero-day inside of a week
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
4 months ago
CVSS V3.1
Timeline
- Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- First article discovered by BleepingComputer.
- Exploit exists.
- Vulnerability reserved.
- Vulnerability published.