Google has released updates to eliminate nine vulnerabilities in the Chromium browser, including a new Zero-day vulnerability that is actively being exploited by attackers. The vulnerability, identified as CVE-2024-4947, is related to a Type confusion error in the JavaScript V8 and WebAssembly engine.
The vulnerability was discovered by researchers from the Kaspersky laboratory, Vasily Berdnikov and Boris Larin, on May 13, 2024. Type confusion vulnerabilities occur when a program attempts to access a resource with an incompatible type, which can result in serious consequences such as Memory Out-Of-Bounds errors, operational failures, and the execution of arbitrary code.
This incident marks the third zero-day vulnerability that Google has addressed in the past week, following CVE-2024-4671 and CVE-2024-4761. Further details about the attacks have not been disclosed to prevent further exploitation of the vulnerability, but Google acknowledges the existence and exploitation of the CVE-2024-4947 exploit in real attacks.
With the inclusion of CVE-2024-4947, Google has now fixed seven zero-day vulnerabilities in Chrome since the beginning of the year:
- CVE-2024-0519 – Memory Out-Of-Bounds in V8;
- CVE-2024-2886 – Use-After-Free in WebCodeCs;
- CVE-2024-2887 – Confusion error in WebAssembly;
- CVE-2024-3159 – Memory Out-Of-Bounds in V8;
- CVE-2024