
Third Chrome Zero-Day Patched by Google Within One Week

Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day. The post Third Chrome Zero-Day Patched by Google Within One Week appeared first on SecurityWeek.

Google on Wednesday announced the release of Chrome 125 to the stable channel with patches for nine vulnerabilities, including four reported by external researchers.

The most important of the bugs is CVE-2024-4947, a high-severity type confusion flaw in the V8 JavaScript engine that has already been exploited.

“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the internet giant notes in its advisory.

Successful exploitation of the vulnerability could allow “a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page,” a NIST advisory reads.

Google has credited Vasily Berdnikov and Boris Larin of Kaspersky for reporting the flaw on May 13 but has not shared details on the observed exploitation and has yet to disclose the bug bounty it would pay out for it.

The second externally reported bug that Chrome 125 resolves is CVE-2024-4948, a high-severity use-after-free issue in Dawn, the open source, cross-platform implementation of the WebGPU standard in Chromium. No reward has been disclosed for this vulnerability either.

Chrome 125 also resolves a medium-severity use-after-free bug in the V8 engine and a low-severity inappropriate implementation in Downloads. Google says it handed out bug bounty rewards of $7,000 and $1,000 for these two vulnerabilities, respectively.

The latest Chrome iteration is now rolling out as version 125.0.6422.60 for Linux and as versions 125.0.6422.60/.61 for Windows and macOS.

Users are advised to update their browsers as soon as possible, given that CVE-2024-4947 is the third Chrome zero-day to be resolved in one week.

On May 9, Google rolled out patches for CVE-2024-4671, a use-after-free flaw in Visuals, and followed up on May 14 with patches for CVE-2024-4761, an out-of-bounds write issue in V8.

CVE-2024-4947 is the fourth Chrome zero-day of 2024 to have been exploited in the wild and the seventh zero-day addressed in the browser this year.

Three of these zero-day vulnerabilities, namely CVE-2024-2886, CVE-2024-2887, and CVE-2024-3159, were patched shortly after being demonstrated at the Pwn2Own Vancouver 2024 hacking contest.
