Flash Notice: CVE-2024-4947 - Google Zero-Day Vulnerability Exploited in the Wild

Written by Marketing | May 16, 2024 6:45:09 PM

OVERVIEW

A critical zero-day vulnerability in Google Chrome, tracked as CVE-2024-4947, is being actively exploited. This high-severity vulnerability, a type confusion bug in the V8 JavaScript engine, could allow remote code execution attacks.  

The vulnerability can be triggered by a crafted HTML page, leading to heap corruption and remote code execution. This is the seventh zero-day exploit targeting Chrome this year and the second within this week. All Chrome versions prior to 125.0.6422.60 for Linux and 125.0.6422.60/.61 for Windows and Mac are impacted. Google has released an emergency security update to address this issue. 

Security researchers from Kaspersky discovered the vulnerability and reported it to Google on May 13th. Google confirmed the active exploitation of CVE-2024-4947 and urges all users to update their browsers immediately. 

 

 

AVERTIUM'S RECOMMENDATIONS

  • All users should ensure their browsers are updated to Google Chrome version 125.0.6422.60 or later.  
  • To update manually: Go to Chrome menu > Help > About Google Chrome, then let the update finish and click 'Relaunch'.
  • Ensure continuous monitoring of browser updates and patch releases. 
  • Additional Security Fixes in Chrome 125 Update 
    • CVE-2024-4948: Use after free in Dawn 
    • CVE-2024-4949: Use after free in V8 
    • CVE-2024-4950: Inappropriate implementation in Downloads 
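One way to check a fleet against the 125.0.6422.60 floor recommended above, as an added example (not Avertium's or Google's code). It assumes version strings have already been collected by your own inventory tooling; the hostnames and readings in the sample are constructed.

```python
import re

# Fixed build named in this notice; anything below it is treated as impacted.
FIXED = (125, 0, 6422, 60)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the four-part Chrome version found in text as ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text, fixed=FIXED):
    """Return 'patched', 'vulnerable', or 'unknown' (unparseable reading)."""
    v = parse_version(version_text)
    if v is None:
        # Never count a missing or garbled reading as patched.
        return "unknown"
    # Tuples compare numerically per component, so 6422.9 < 6422.60;
    # a plain string comparison would get that case wrong.
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory):
    """Group hostnames by status. inventory: iterable of (host, version_text)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report

# Constructed sample inventory (hostnames and readings are made up).
SAMPLE = [
    ("lnx-build-01", "Google Chrome 125.0.6422.60"),
    ("win-fin-07", "Google Chrome 125.0.6422.61"),
    ("mac-design-03", "Google Chrome 124.0.6367.207"),
    ("win-hr-12", "125.0.6422.9"),
    ("lnx-kiosk-02", "Google Chrome 126.0.6478.55"),
    ("win-lab-04", ""),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need a manual check rather than being assumed up to date.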

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-4947. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.




 

SUPPORTING DOCUMENTATION

Chrome Releases: Stable Channel Update for Desktop (googleblog.com) 

Google Chrome Zero-day (CVE-2024-4947) Actively Exploited in The Wild (cybersecuritynews.com) 

Google fixes third actively exploited Chrome zero-day in a week (bleepingcomputer.com)