PT-2024-3653 · Google+4 · V8 Javascript Engine+5
Boris Larin +3 · Published 2024-05-15 · Updated 2025-09-01 · CVE-2024-4947
CVSS v3.1: 9.6 Critical (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 125.0.6422.60
Chromium versions prior to 126.0.6478.182-alt0.c10.1
Chromium-Gost versions prior to 125.0.6422.112-alt0.c10.1
Yandex-browser-stable version 24.4.3.1111-alt1
Chromium versions prior to 125.0.6422.60-1~deb12u1 (Debian bookworm)
Description
A type confusion vulnerability exists in the V8 JavaScript and WebAssembly engine in Google Chrome and Chromium-based browsers. This flaw could allow a remote attacker to execute arbitrary code within a sandbox via a crafted HTML page. The vulnerability has been actively exploited in attacks, including by the Lazarus APT group, which used a malicious game to deliver malware. Exploitation of this vulnerability can lead to remote code execution and potential unauthorized access to or control of affected systems.
Recommendations
Update Google Chrome to version 125.0.6422.60 or later.
Update Chromium to version 126.0.6478.182-alt0.c10.1 or later.
Update Chromium-Gost to version 125.0.6422.112-alt0.c10.1 or later.
Update Yandex-browser-stable to version 24.4.3.1111-alt1.
Update Chromium to version 125.0.6422.60-1~deb12u1 or later (Debian bookworm).
Exploit
Fix
RCE
Type Confusion
Improperly Implemented Security Check for Standard
Affected Products
Alt Linux
Astra Linux
Debian
Google Chrome
Red Os
V8 Javascript Engine