Google Chrome hit with 3rd zero-day vulnerability this week; emergency update released
The patch addresses a critical vulnerability (CVE-2024-4947) in Chrome's JavaScript engine.
2 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Key notes
- Chrome hit with 3rd zero-day attack this week, update urgently!
- Critical flaw (CVE-2024-4947) lets attackers potentially take over your device.
- Google Chrome versions 125.0.6422.60 fix the issue, update now!
Google has run to release an emergency security update for Chrome after a third zero-day vulnerability (CVE-2024-4947) was discovered and exploited, obviously.
A zero-day vulnerability is a security hole in software that’s unknown to the vendor or developer. This means there’s no patch or fix available yet, making systems vulnerable until one is created. This type of vulnerability allows attackers to bypass security protections and potentially take control of your device.
The flaw, identified by Kaspersky researchers, is present in Chrome’s V8 JavaScript engine and could enable attackers to run malicious code on targeted systems. Google has confirmed the vulnerability was actively used in attacks, but details are limited for now.
The good news is that Google has released a fix. Chrome versions 125.0.6422.60/.61 (Mac/Windows) and 125.0.6422.60 (Linux) address the vulnerability.
Chrome typically updates automatically, but you can also manually check for updates by going to the Chrome menu > Help > About Google Chrome.
This is the seventh zero-day vulnerability Google has patched in Chrome this year; hence, keep your browser up-to-date.
Users of Microsoft Edge, the Chromium-based web browser, should also be aware. Microsoft has acknowledged the existence of exploits targeting CVE-2024-4947 and is actively working on a security fix for Edge.
More here.
User forum
0 messages