Remote Code Execution in Chrome's V8 Prior to 125.0.6422.60

CVE-2024-4947
8.8HIGH

Key Information

Vendor
Google
Status
Chrome
Vendor
CVE Published:
15 May 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists📰 News Worthy

Summary

The vulnerability CVE-2024-4947 is a type confusion weakness in the Chrome V8 JavaScript engine, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Google has rolled an emergency patch for the high-severity flaw, as it has been exploited in the wild. The bug also affects Chromium-based browsers such as Microsoft Edge, and Microsoft is working on a fix. This is the third zero-day vulnerability that Google has patched in the last week. It is crucial for users to update their Chrome browser to version 125.0.6422.60 in order to address this vulnerability and prevent potential attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-4947 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome < 125.0.6422.60

News Articles

favicon imageSecurity Affairs

Google fixes eighth actively exploited Chrome zero-day this year

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in Chrome browser.

4 months ago

favicon imageHelp Net Security

Week in review: New Black Basta's social engineering campaign, passing the CISSP exam in 6 weeks - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Basta target orgs with new social engineering

4 months ago

favicon imageSC Media

Google patches 3rd Chrome browser zero-day inside of a week

Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.

4 months ago

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by BleepingComputer

  • 👾

    Exploit exists.

  • Vulnerability Reserved.

  • Vulnerability published.

Collectors

NVD DatabaseMitre DatabaseCISA Database15 News Article(s)
.