Emergency update Chrome fixes highly critical zero-day

Google has released an emergency update for Chrome that patches a critical zero-day. The vulnerability, in the browser's V8 JavaScript engine, allows cybercriminals to run arbitrary code inside a sandbox via a specially crafted HTML page.

More specifically, the recently released emergency patch for CVE-2024-4947 in the Chrome browser should address a so-called type confusion bug. The vulnerability ultimately allows cybercriminals to perform unauthorized actions in the browser environment, which can then trigger other attacks.

More browsers vulnerable

The vulnerability occurs in all Chrome releases before version 125.0.6422.60. The tech giant strongly advises users to update to version 125.0.6422.60/.61 for Windows and macOS. Linux users should update to version 125.0.6422.60.

Users of Chromium-based browsers such as Microsoft Edge, Opera, Vivaldi and Brave should also check for updates. These browsers are also affected by the same vulnerability.
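To check a fleet against the fixed Chrome build given above, the following added example (not part of the original article) classifies reported version strings as affected, patched or unknown. The inventory format, host names and sample versions are constructed for illustration, and the check covers Google Chrome version strings only.

```python
import re

# Fixed build named in the article; any lower Chrome version is affected.
FIXED_BUILD = (125, 0, 6422, 60)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed inventory: "hostname<TAB>reported version string".
SAMPLE_INVENTORY = """\
ws-01\tGoogle Chrome 124.0.6367.207
ws-02\tGoogle Chrome 125.0.6422.60
ws-03\tGoogle Chrome 125.0.6422.9
mac-04\tGoogle Chrome 125.0.6422.61
ws-05\tchrome: command not found
"""

def parse_version(text):
    """Return the four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def is_affected(text):
    """True if the version in text is below the fixed build.

    Tuples compare numerically, so 125.0.6422.9 is correctly older than
    125.0.6422.60 (a plain string comparison would get this wrong).
    """
    version = parse_version(text)
    if version is None:
        raise ValueError(f"no four-part version in {text!r}")
    return version < FIXED_BUILD

def audit(inventory):
    """Map each host to 'affected', 'patched' or 'unknown'."""
    results = {}
    for line in inventory.splitlines():
        host, _, reported = line.partition("\t")
        if not host.strip():
            continue
        if parse_version(reported) is None:
            results[host] = "unknown"  # no version reported: check by hand
        else:
            results[host] = "affected" if is_affected(reported) else "patched"
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```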

Other patches

In addition to the critical vulnerability, Google closed eight other vulnerabilities in Chrome with the emergency patch. Among them is CVE-2024-4948, which lets cybercriminals exploit a memory management error or heap corruption. This attack also relies on a specially crafted HTML page.