A critical zero-day vulnerability in Google Chrome, tracked as CVE-2024-4947, is being actively exploited. This high-severity vulnerability, a type confusion bug in the V8 JavaScript engine, could allow remote code execution attacks.  

The vulnerability can be triggered by a crafted HTML page, leading to heap corruption and remote code execution. This is the seventh zero-day exploit targeting Chrome this year and the second within this week. All Chrome versions prior to 125.0.6422.60 for Linux and 125.0.6422.60/.61 for Windows and Mac are impacted. Google has released an emergency security update to address this issue. 

Security researchers from Kaspersky discovered the vulnerability and reported it to Google on May 13th. Google confirmed the active exploitation of CVE-2024-4947 and urges all users to update their browsers immediately. 



avertium's recommendationS

  • All users should ensure their browsers are updated to Google Chrome version 125.0.6422.60 or later.  
  • To update manually: Go to Chrome menu > Help > About Google Chrome, then let the update finish and click 'Relaunch’.  
  • Ensure continuous monitoring of browser updates and patch releases. 
  • Additional Security Fixes in Chrome 125 Update 
    • CVE-2024-4948: Use after free in Dawn 
    • CVE-2024-4949: Use after free in V8 
    • CVE-2024-4950: Inappropriate implementation in Downloads 




At this time, there are no known IoCs associated with CVE-2024-4947. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   



How Avertium is Protecting Our CUSTOMERS

Fusion MXDR  is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.  



Chrome Releases: Stable Channel Update for Desktop (googleblog.com) 

Google Chrome Zero-day (CVE-2024-4947) Actively Exploited in The Wild (cybersecuritynews.com) 

Google fixes third actively exploited Chrome zero-day in a week (bleepingcomputer.com) 


Chat With One of Our Experts

Zero-Day Vulnerability Flash Notice Google Chrome Google Chrome Vulnerability Google Zero-Day Blog