Latest Chrome update patches zero-day CVE-2024-4947

If you actively use Google Chrome, it’s time to update the web browser. The latest version, Google Chrome 125.0.6422.60, introduces a patch for an actively exploited zero-day vulnerability, CVE-2024-4947!

The vulnerability, assigned a Security Severity rating of High, was reported to Google by Vasily Berdnikov and Boris Larin from Kaspersky. The National Vulnerability Database describes it as,

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Type Confusion vulnerabilities are critical and must be resolved immediately. These grant threat actors out-of-bound memory access, allow them to execute code, and might even trigger a crash.

Along with CVE-2024-4947, the latest Chrome update brings security fixes for nine other vulnerabilities, including CVE-2024-4948, CVE-2024-4949, and CVE-2024-4950.

Depending on the operating system, you will need to download the following browser versions:

• Linux: Chrome 125.0.6422.60
• Windows/macOS: Chrome 125.0.6422.60/.61

To update Google Chrome > launch the browser > click the Customize and control Google Chrome option (ellipsis) near the top right > hover the cursor over Help > select About Google Chrome > wait for the update to install > then relaunch the browser.

The update is being gradually rolled out, so it might take a while to show up on your PC. Until then, be careful and don’t let threat actors exploit the CVE-2024-4947 vulnerability to attack your system.

On a similar note, this week, Microsoft fixed over 60 vulnerabilities across its offerings.