in

Google patches another zero-day exploit in Chrome – and this one affects Edge too

Kyle Kucharski/ZDNET

If you’re using Google’s Chrome browser, it’s time to update it — and fast.

Google confirmed this week that it has released Chrome 125 for Windows, Mac, and Linux. The update includes a range of patches to security flaws, including a zero-day exploit called CVE-2024-4947. Zero-day exploits are vulnerabilities in software that malicious actors may know about and can easily target users because the software maker has yet to patch the flaw. And if that sounds familiar, it’s because Google released another patch last week to fix another zero-day exploit.

Also: Meet Hackbat: An open-source, more powerful Flipper Zero alternative

CVE-2024-4947 refers to “Type Confusion in V8” Javascript. The flaw, which was discovered by security researchers Vasily Berdnikov and Boris Larin at security company Kaspersky, could enable hackers to target individual users and cause their browsers to crash. It could also be used to execute code that could put their data at risk.

For its part, Google shared a few precious details about the flaw, saying instead that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.” The company added that it’s “aware that an exploit for CVE-2024-4947 exists in the wild,” but it stopped short of providing details.

However, it gets worse. In addition to Google’s Chrome, the flaw also affects Microsoft’s Edge browser because it’s based on the same Chromium technology as Chrome. In a statement on Wednesday, Microsoft said that it’s working on a fix and echoed Google’s sentiment.

Also: The best VPN services of 2024: Expert tested and reviewed

“Microsoft is aware of the recent exploits existing in the wild,” the company wrote on its website. “We are actively working on releasing a security fix.”

All Edge users can do is sit and wait for Microsoft to release that update and patch their browsers as quickly as possible. For Chrome users, however, it’s time to immediately update their browsers. 

For starters, it’s important to know which version of Chrome you’re currently running. To determine that, click on the “About Google Chrome” option in your browser. On a Windows machine, you can check that by choosing “Settings” > “About Google Chrome.” On a Mac, it’s as simple as clicking on the Chrome option at the top of your screen and choosing “About Google Chrome.”

Also: Security researchers say this scary exploit could render all VPNs useless

Once there, Google will let you know which version of Chrome you’re running and if it’s not the latest version, it’ll automatically download Chrome 125. From there, simply choose the “Relaunch” option to restart your browser and ensure your machine is patched.

Google said that its Chrome 125 update will be rolling out “over the coming days/weeks,” but it was available on Chrome software I was running on multiple devices. So chances are, you should be good to go update and protect yourself from the latest scary flaw in Chrome.


Source: Information Technologies - zdnet.com

I tested a robot vacuum with a handheld vacuum that empties itself

Are all Linux vendor kernels insecure? A new study says yes, but there’s a fix