Wednesday, January 22, 2025

Google issues emergency Chrome update to patch critical zero-day vulnerability – SiliconANGLE


Google LLC has released a new emergency Chrome browser security update following the emergence of a new zero-day security vulnerability that is being exploited in the wild.

Tracked as CVE-2024-4947, the zero-day vulnerability is a type confusion bug in V8 in Google Chrome prior to version 125.0.6422.60 that allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. V8 is the JavaScript engine in Chrome, and the vulnerability could allow an attacker to undertake unauthorized actions within the browser, potentially leading to further attacks.

The zero-day was not the only vulnerability addressed in the release, with Google also patching Chrome against eight other vulnerabilities. Among them was CVE-2024-4948, a vulnerability that allowed a remote attacker to potentially exploit heap corruption – a memory management error – via a crafted HTML page.

Google is advising users to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS and version 125.0.6422.60 for Linux to mitigate potential threats if their browsers are not set to automatically update. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to check for updates from their respective browser providers that address the same vulnerabilities found in Chrome.

Discussing the news, Patrick Tiquet, vice president of Security & Architecture at cybersecurity company Keeper Security Inc., told SiliconANGLE that “these high-security flaws are serious and should be patched immediately.”

“With CVE-2024-4947 actively being exploited in the wild, remote attackers are able to execute arbitrary code on affected systems, potentially compromising them entirely and allowing for data theft, system manipulation, or further exploitation, making it critical for Chrome users to update their browsers as soon as possible,” Tiquet explains.

Lionel Litty, chief security architect at cloud security startup Menlo Security Inc., commented that the need to patch Chrome “is a reflection of attackers continuing to focus on browsers in general and Chrome in particular as their most prized target.”

“An exploitable bug in Chrome often means the ability to target not only the vast numbers of Chrome users on desktop and Android, but also the users of Edge and other more niche browsers that are also based on Chromium,” Litty added.

Image: ChatGPT 4o
