{"id":3593,"date":"2024-05-16T07:48:06","date_gmt":"2024-05-16T12:48:06","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/patch-now-google-zero-day-exploit"},"modified":"2024-05-16T07:48:06","modified_gmt":"2024-05-16T12:48:06","slug":"patch-now-another-google-zero-day-under-exploit-in-the-wild","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/16\/patch-now-another-google-zero-day-under-exploit-in-the-wild\/","title":{"rendered":"Patch Now: Another Google Zero-Day Under Exploit in the Wild"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Another Google Chrome zero-day vulnerability is being exploited in the wild, the tech giant has disclosed \u2014 the third such bug revealed in just a week.<\/span><\/p>\n

Google has pushed an <\/span>emergency fix<\/a><\/span> for the high-severity flaw (CVE-2024-4947) with version 125.0.6422.60\/.61 for Mac\/Windows and 125.0.6422.60 for Linux. According to the bug advisory, it’s a <\/span>type-confusion weakness<\/a><\/span> in the open source Chrome V8 JavaScript engine. While Google didn’t detail the types of attacks that are underway using the exploit, these types of bugs can lead to browser crashes and, in some cases, code execution.<\/span><\/p>\n

“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” according to the advisory, released May 15.<\/span><\/p>\n

The bug also affects Chromium-based browsers such as Microsoft Edge; <\/span>Microsoft said<\/a><\/span> that it’s working on a fix.<\/span><\/p>\n

This is the third <\/span>zero-day that Google has patched<\/a><\/span> in the last week, following the disclosure of CVE-2024-4761 (an out-of-bounds write vulnerability in V8 that has exploit code publicly available) and CVE-2024-4671 (a use-after-free flaw in the Visuals component that’s under active exploit); both allow sandbox escape.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Another Google Chrome zero-day vulnerability is being exploited in the<\/p>\n","protected":false},"author":12,"featured_media":3594,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=2560%2C1776&ssl=1",2560,1776,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=300%2C208&ssl=1",300,208,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=640%2C444&ssl=1",640,444,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=640%2C444&ssl=1",640,444,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=1536%2C1065&ssl=1",1536,1065,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=2048%2C1421&ssl=1",2048,1421,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=1024%2C710&ssl=1",1024,710,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/patch-now-another-google-zero-day-under-exploit-in-the-wild-scaled.jpg?fit=2560%2C1776&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3593"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3593\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3594"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}