Update Chrome: Google patches critical update (3rd this week)

Google fixed three zero-day vulnerabilities in Chrome in a week. One of them is being actively exploited against those who haven’t updated.

Google has been having quite a week because it just patched its third zero-day vulnerability in Chrome within seven days. The latest culprit? CVE-2024-4947.

If you think that sounds technical, you’re right, but stick with me. This affects almost everyone using the internet, so it’s worth unpacking.

TL;DR Version: CVE-2024-4947 is a zero-day vulnerability in Chrome that’s being actively exploited. This makes it the third vulnerability that has been fixed in Chrome within the past week.

In layman’s terms, zero-day means the folks exploiting it found the vulnerability before Google could patch it. Yikes.

The Official Statement from Google

Google dropped this bombshell in its official blog: “The Stable channel has been updated to 117.0.5938.132 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.”

Yup, they’re basically saying update your browser ASAP to avoid falling prey to these exploits because they are, in fact, being used on the greater public right now.

The Chain of Events

The first zero-day, CVE-2024-4868, raised a ruckus earlier in the week, followed closely by CVE-2024-4946. And now, CVE-2024-4947 completes this hat-trick of headaches for Google’s security team.

Dive Deeper: What is CVE-2024-4947? According to Bleeping Computer, this zero-day revolves around an exploit discovered in Chrome’s rendering engine, which is a pretty key part of the browser.

This exploit has been used actively in the wild, meaning bad actors have been taking advantage of it while the rest of us were blissfully unaware.

CVE-2024-4947 is a critical type confusion vulnerability in Google Chrome’s V8 JavaScript engine. This security flaw allows for potential remote code execution and has been actively exploited in the wild. The issue pertains to improper handling of object types, which can lead to arbitrary code execution if successfully exploited.

Key Details:

  • Vulnerability ID: CVE-2024-4947
  • Type: Type Confusion
  • Affected Component: V8 JavaScript Engine in Google Chrome
  • Severity: Critical
  • Exploit Status: Actively exploited in the wild
  • Reported By: Vasily Berdnikov

Google has released a patch to address this vulnerability in Chrome version 125.0 and urges all users to update their browsers immediately to mitigate potential risks.

Why Should You Care?

These vulnerabilities can be used for everything from stealing personal information to deploying ransomware. Not updating your browser is akin to locking your front door but leaving the window open.

Protecting Yourself: To update Chrome, go to your Chrome settings and update to version 117.0.5938.132.

Bonus points: Enable Automatic Updates – make sure your browser and OS are set to update automatically.

Sure, Google might have fixed CVE-2024-4947, but it really makes you think, doesn’t it? Cyber threats are getting smarter and more complex every day.

It’s a good reminder that keeping our software updated and staying sharp with our cybersecurity habits is more important than ever. Stay safe out there.

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.
