Google has released a Stable release of Chrome 125. That version fixed a bug that Google says is a known public exploit. Details about this possible exploitation are lacking. It is now the sixth zero day found in the browser this year.
Google writes that it has released Chrome 125.0.6422.60 and 125.0.6422.60/.61 for Linux, Windows and macOS. The release contains several bug fixes, but also nine vulnerabilities are resolved. Four of these were submitted by external researchers through Google's responsible disclosure program. Of those bugs, there is one that Google says is a public exploit. That is CVE-2024-4947, a type confusion in the V8 JavaScript engine in the browser.
According to Google, it is possible for attackers to remotely execute code in a sandbox environment if a victim is on a separate phishing page. The bug is estimated as a high risk, partly because Google says that a public exploit is available. However, no details are available about this; Google does not name which exploit it is and does not say whether the bug is actively being exploited.
It is the third time in just a few weeks that a zero-day has been fixed in Chrome. Previously, there also appeared to be a bug, CVE-2024-4761, in the V8 engine. That was an out-of-bounds write vulnerability. It is now the sixth zero day that Google had to fix the browser this year.
Leave a Reply
You must be logged in to post a comment.