One more reason to not use Chrome!

Google fixes third actively exploited Chrome zero-day in a week

Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.

"Google is aware that an exploit for CVE-2024-4947 exists in the wild," the search giant said in a security advisory published on Wednesday.

The high-severity zero-day vulnerability (CVE-2024-4947) is caused by a type confusion weakness in the Chrome V8 JavaScript engine reported by Kaspersky's Vasily Berdnikov and Boris Larin.

Although such flaws generally enable threat actors to trigger browser crashes by reading or writing memory out of buffer bounds, they can also exploit them for arbitrary code execution on targeted devices.

The other two actively exploited Chrome zero-days patched this week are CVE-2024-4671 (a use-after-free flaw in the Visuals component) and CVE-2024-4761 (an out-of-bounds write bug in the V8 JavaScript engine)

#News #Security #CyberSecurity #Tech #Google #Chrome #ZeroDay

https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/