[TIMESTAMP: 2026-03-13 08:17 UTC] [AUTHOR: Runtime Rebel Intel] [SEVERITY: CRITICAL]

CVE-2024-4947 and CVE-2024-4948: Google Patches Chrome Zero-Days

AI-Assisted Analysis
// executive briefing tl;dr
  • [01] Attackers are actively exploiting memory safety vulnerabilities to achieve remote code execution in Chromium-based browsers.
  • [02] Google Chrome versions prior to 125.0.6422.60/61 on Windows, Mac, and Linux are susceptible to these attacks.
  • [03] Administrators must immediately update all Chrome installations to version 125.0.6422.60 or later to mitigate exploitation risks.

Summary of the Emergency Patch

Google has issued an emergency security update for the Chrome browser to address two high-severity vulnerabilities that are being exploited in active attacks. According to BleepingComputer, these zero-day flaws, tracked as CVE-2024-4947 and CVE-2024-4948, represent the seventh and eighth such vulnerabilities patched by Google since the beginning of 2024. The frequency of these disclosures underscores the continued focus by threat actors on Chromium-based browsers as a primary entry point for compromising enterprise workstations.

Technical Analysis of CVE-2024-4947 and CVE-2024-4948

The most significant of the two flaws is CVE-2024-4947, which is a type confusion vulnerability in the V8 JavaScript engine. V8 is the open-source JavaScript and WebAssembly engine developed by the Chromium project. This specific flaw was reported by Man Yue Mo of the GitHub Security Lab.

Type confusion occurs when the engine assumes that a value has one type while the actual data has a different type. This mismatch can lead the engine to read or write outside the bounds of the allocated memory, potentially granting an attacker the ability to execute arbitrary code within the context of the browser process. Prompt remediation of V8 type confusion flaws is essential for maintaining browser security, as this component remains one of the most targeted surfaces for RCE attacks.

The second vulnerability, CVE-2024-4948, is a use-after-free (UAF) flaw in Dawn, the cross-platform implementation of the WebGPU standard. This vulnerability was reported by an anonymous researcher. Use-after-free vulnerabilities occur when an application continues to use a pointer after the memory it refers to has been deallocated. In a web browser context, an attacker can craft a malicious website that triggers this memory corruption, leading to a crash or, more severely, the execution of malicious code.

Threat Landscape and Impact

Google has confirmed that functional exploits for both vulnerabilities exist in the wild. While the specific APT or threat groups involved have not been named, the rapid succession of Chrome patches this month—including fixes for other zero-days on May 9 and May 13—suggests a concentrated effort by sophisticated actors to exploit browser-based memory safety issues.

For security teams, detecting CVE-2024-4947 exploit attempts involves monitoring for unusual browser behavior. Security operations center (SOC) analysts should look for indicators such as frequent Chrome crashes across multiple endpoints or child processes being spawned from Chrome that are not typical for web browsing. Correlating EDR logs in a SIEM can help identify post-exploitation activity, such as lateral movement or the establishment of C2 channels, which often follow a successful browser-based compromise.
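As an added example (not from Google or the original article), the two indicators above applied to one batch of endpoint events. The event field names, the sample events and the one-entry child-process baseline are assumptions constructed for illustration.

```python
import ntpath  # parses Windows-style paths on any OS

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Assumption: images a Chrome parent normally starts; extend from your own baseline.
EXPECTED_CHILDREN = {"chrome.exe"}

# Constructed sample batch (one time window); field names are hypothetical.
EVENTS = [
    {"host": "ws-01", "kind": "proc", "parent": CHROME, "image": CHROME},
    {"host": "ws-02", "kind": "proc", "parent": CHROME,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-02", "kind": "proc", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-01", "kind": "crash", "image": CHROME},
    {"host": "ws-03", "kind": "crash", "image": CHROME},
    {"host": "ws-03", "kind": "crash", "image": CHROME},
    {"host": "ws-04", "kind": "crash", "image": CHROME},
    {"host": "ws-05", "kind": "crash", "image": r"C:\Windows\System32\notepad.exe"},
]

def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def unusual_children(events, expected=EXPECTED_CHILDREN):
    """(host, child) pairs where Chrome is the parent and the child is off-baseline."""
    return [(e["host"], _name(e["image"])) for e in events
            if e["kind"] == "proc"
            and _name(e["parent"]) == "chrome.exe"
            and _name(e["image"]) not in expected]

def crash_cluster(events, min_hosts=3):
    """Hosts with a Chrome crash in this batch, only if min_hosts or more are affected."""
    hosts = {e["host"] for e in events
             if e["kind"] == "crash" and _name(e["image"]) == "chrome.exe"}
    return sorted(hosts) if len(hosts) >= min_hosts else []

if __name__ == "__main__":
    print("off-baseline children:", unusual_children(EVENTS))
    print("crash cluster:", crash_cluster(EVENTS))
```

Repeated crashes on one host count once, so a single unstable workstation does not trip the multi-endpoint threshold.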

Chrome 125.0.6422.60 Patch Guidance

The primary mitigation for these vulnerabilities is the immediate application of the security updates provided by Google. The versions required for protection are:

  • Windows and macOS: Update to version 125.0.6422.60/.61 or later.
  • Linux: Update to version 125.0.6422.60 or later.

To ensure the update is applied, users should navigate to Settings > About Chrome. The browser will check for updates and prompt for a restart to finalize the installation. In managed environments, administrators should use group policy objects (GPOs) or mobile device management (MDM) solutions to force the update across the fleet. Given that these flaws are actively exploited, delaying the update increases the risk of a successful phishing or drive-by download attack that could lead to privilege escalation on the host system. Following the MITRE ATT&CK framework, defenders should prioritize ‘Exploit Public-Facing Application’ (T1190) and ‘User Execution’ (T1204) as the primary techniques associated with these browser-based threats.
