<\/div>\n

Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.<\/h2>\n\n\n\n

Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-4947, in the Chrome browser, it is the third zero-day exploited in attacks that was disclosed this week.<\/p>\n\n\n\n

The vulnerability CVE-2024-4947 is a type confusion that resides in V8 JavaScript engine. The vulnerability was reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on May 13, 2024.<\/gwmw><\/p>\n\n\n\n

“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” reads the advisory<\/a>\u00a0published by Google. <\/em><\/p>\n\n\n\n

This week the IT giant fixed other two actively exploited Chrome zero-day issues, respectively tracked\u00a0CVE-2024-4671<\/a> and\u00a0CVE-2024-4761<\/a>.<\/p>\n\n\n\n

Below is the list of actively exploited zero-day vulnerabilities in the Chrome browser that have been fixed this year:<\/p>\n\n\n\n

\n
• CVE-2024-0519<\/a><\/strong>: an out of bounds memory access in the Chrome JavaScript engine. (January 2024)<\/li>\n\n\n\n
• CVE-2024-2887<\/a><\/strong>: \u00a0a type confusion issue that resides in WebAssembly. Manfred Paul\u00a0demonstrated<\/a>\u00a0the vulnerability during the Pwn2Own 2024. (March 2024)<\/li>\n\n\n\n
• CVE-2024-2886<\/a><\/strong>: a use after free issue that resides in the WebCodecs. The flaw was demonstrated by Seunghyun Lee (@0x10n<\/a>) of KAIST Hacking Lab during the Pwn2Own 2024. (March 2024)<\/li>\n\n\n\n
• CVE-2024-3159<\/a><\/strong>: an out-of-bounds memory access in V8 JavaScript\u00a0engine. The flaw was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks during the Pwn2Own 2024 on March 22, 2024. (March 2024)<\/li>\n\n\n\n
• CVE-2024-4671<\/strong><\/a>: a use-after-free issue that resides in the Visuals component (May 2024).\u00a0<\/li>\n\n\n\n
• CVE-2024-4761<\/a><\/strong>: an out-of-bounds write issue that resides in the V8 JavaScript engine (May 2024).\u00a0<\/gwmw><\/li>\n<\/ul>\n\n\n\n

  Google also addressed the following vulnerabilities:<\/p>\n\n\n\n

  \n
  • [TBD][333414294<\/a>] High <\/strong>CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09<\/em><\/gwmw><\/li>\n\n\n\n
  • [$7000][326607001<\/a>] Medium <\/strong>CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24<\/em><\/li>\n\n\n\n
  • [$1000][400-9056956<\/a>] Low <\/strong>CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-06-06<\/em><\/gwmw><\/li>\n<\/ul>\n\n\n\n

    Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

    Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

    (<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0Google)<\/strong><\/gwmw><\/p>\n\n\n\n

    <\/gwmw><\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":"

    Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-4947, in the Chrome browser, it is the third zero-day exploited in attacks that was disclosed this week. The vulnerability CVE-2024-4947 is […]<\/p>\n","protected":false},"author":1,"featured_media":45647,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,5,55],"tags":[2037,42,4112,9508,9506,10918,687,841,1533],"class_list":["post-163238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-hacking","category-security","tag-chrome","tag-google","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n