Hacker discovers and exploits third 0-day vulnerability in Chrome, prompting Google to release patch within a week

Google Company released Another emergency update for its Chrome browser to fix the third zero-day vulnerability in a week, already used by hackers in attacks.

Fresh 0-day received ID CVE-2024-4947and the developers warn that there is already an exploit for this problem, and it is already being used in real attacks.

Advertisement

The vulnerability has been assigned high-risk status and is known to be associated with a bug in the V8 JavaScript engine, which was reported by Kaspersky Lab employees Vasily Berdnikov and Boris Larin.

The company fixed the bug with the release of versions 125.0.6422.60/.61 for Mac and Windows, as well as version 125.0.6422.60 for Linux. These versions are expected to be available to all users in the Stable Desktop channel in the coming weeks.

The company has not yet disclosed any additional information about the vulnerability itself or the attack related to it, giving users more time to install patches.

Let us remind you that this is the third zero-day vulnerability in Chrome that has been fixed in the last week: earlier, Google engineers released urgent patches for problems CVE-2024-4671 and CVE-2024-4761.

Advertisement

Thus, in 2024, seven zero-day vulnerabilities have already been fixed in Chrome, three of which were demonstrated at the Pwn2Own hacker competition in Vancouver in March of this year.

Advertisement