Google has issued a new Chrome security update designed to patch a zero-day vulnerability exploited by hackers. This is a third zero-day flaw patched by Google within two weeks.
The zero-day bug, CVE-2024-4947, is a type confusion issue in the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
In addition to CVE-2024-4947, the tech giant addressed a high severity use-after-free flaw (CVE-2024-4948) in the Dawn component that could allow remote code execution, and two less severe vulnerabilities (CVE-2024-4949 and CVE-2024-4950) that could be used to access sensitive information.
The flaws were patched with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 (Linux).
Earlier this month, Google addressed two Chrome remote code execution bugs CVE-2024-4761 and CVE-2024-4671, said to have been exploited as zero-days.