Skip to main content
root@rebel:~$ cd /news/threats/cve-2024-4947-google-patches-fifth-chrome-zero-day-of-2024_
[TIMESTAMP: 2026-06-09 09:16 UTC] [AUTHOR: Runtime Rebel Intel] [SEVERITY: CRITICAL]

CVE-2024-4947: Google Patches Fifth Chrome Zero-Day of 2024

CRITICAL Vulnerabilities #CVE-2024-4947#Google Chrome#V8 Engine
AI-Assisted Analysis
READ_TIME: 3 min read
// executive briefing tl;dr
  • [01] Threat actors are actively exploiting a memory corruption flaw to execute arbitrary code on systems running outdated Chrome browsers.
  • [02] Systems running Google Chrome versions prior to 125.0.6422.60 across Windows, macOS, and Linux are currently vulnerable.
  • [03] Administrators must immediately update Google Chrome to version 125.0.6422.60 or later to mitigate active exploitation risks.

Google has issued an emergency security update to address a high-severity CVE identified as CVE-2024-4947, which marks the fifth Zero-Day vulnerability exploited in the wild since the start of 2024. This specific flaw resides in the V8 JavaScript engine, the open-source component responsible for executing script code within Chromium-based browsers. According to BleepingComputer, the vulnerability was discovered and reported by Vasily Berdnikov and Boris Larin of Kaspersky, indicating that sophisticated threat actors may already be leveraging the bug for targeted intrusions.

Technical Analysis of CVE-2024-4947

The vulnerability is classified as a type confusion flaw. In the context of the V8 engine, type confusion occurs when the engine incorrectly identifies the type of an object during runtime. When the engine performs operations on this object assuming it is of one type (e.g., an integer) while it is actually another (e.g., a pointer), it can lead to out-of-bounds memory access. This V8 engine type confusion vulnerability is a classic precursor to gaining arbitrary code execution. By manipulating the memory layout of the browser process, an attacker can bypass security sandboxes and achieve RCE on the host system.

Type confusion bugs in V8 often involve the Just-In-Time (JIT) compiler, which optimizes JavaScript code for performance. If the JIT compiler makes incorrect assumptions about variable types during optimization, it can generate machine code that mismanages memory. While Google has not released a detailed technical breakdown to prevent further exploitation, the confirmation of active use in the wild suggests that a stable exploit exists and is being utilized by unidentified groups.

Google Chrome version 125.0.6422.60 patch details

To remediate this threat, Google has accelerated the rollout of Chrome version 125.0.6422.60/.61 for Windows and macOS, and 125.0.6422.60 for Linux. This release follows a remarkably dense period of patching for the Chromium project. In May 2024 alone, Google has patched three zero-days, including CVE-2024-4671 and CVE-2024-4761. The frequency of these disclosures suggests a heightened period of activity for both vulnerability researchers and threat actors targeting the browser Supply Chain Attack surface.

Detection and Defensive Recommendations

Security teams looking for how to detect CVE-2024-4947 exploit attempts should focus on monitoring for unusual child processes spawned by browser executables. Specifically, if chrome.exe or its equivalent on macOS/Linux spawns command-line shells or PowerShell instances, it is a high-confidence IoC of successful exploitation. Furthermore, SOC analysts should review EDR telemetry for memory-resident payloads or unexpected attempts to access sensitive system files from the browser’s context.

Defenders should prioritize the following actions:

  • Verify Browser Versions: Ensure that all endpoints are running version 125.0.6422.60 or later. Use automated management tools to force a restart of the browser, as the update only takes effect once the application is closed and reopened.
  • Monitor V8-Related Crashes: Frequent, unexplained browser crashes across multiple users can sometimes indicate a failed exploitation attempt where the attacker’s TTP did not successfully align the memory heap.
  • Assess Exposure: Review the CVSS score and technical impact for other Chromium-based applications, such as Microsoft Edge, Brave, and Opera, which typically inherit these vulnerabilities and require their own respective vendor updates.

The rapid succession of these flaws highlights the persistent interest threat actors have in the browser as an initial access vector. Given that the V8 engine is a core component of the modern web, the impact of these vulnerabilities extends beyond simple web browsing to any application that embeds Chromium or utilizes Node.js.

Advertisement