Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
May 16, 2024
Browser Security / Vulnerability
Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947 , the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024. Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. It can have serious impacts as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code. The development marks the third zero-day that Google has patched within a week after CVE-2024-4671 and CVE-2024-4761 . As is typically the case, no additional details about the attacks are available and have been withheld to prevent further exploitation. "Google is aware that ...