On Wednesday, Google announced the release of Chrome 125 with patches for nine vulnerabilities.

One of the most significant bugs known as CVE-2024-4947, has already been exploited. This bug is a high-severity type confusion flaw located in the V8 JavaScript engine. The successful exploitation of this vulnerability would enable a remote hacker to execute arbitrary code. Thus far, Google has credited Kaspersky workers Vasily Berdnikov and Boris Larin for reporting the vulnerabilities. The second significant externally reported bug is CVE-2024-4948, a high-severity use-after-free issue in an open-source cross-platform known as Dawn. Chrome 125 aims to remediate these vulnerabilities and users are encouraged to update their browsers as soon as possible.

Read more:

https://www.securityweek.com/third-chrome-zero-day-patched-by-google-within-one-week/