SINGAPORE: Users and administrators of Google Chrome and other Chromium-based browsers, including Microsoft Edge, should update their browsers to their latest versions immediately, the Singapore Cyber Emergency Response Team (SingCERT) said on Monday (May 27).
This comes after reports that hackers are actively exploiting a "high-severity vulnerability" affecting older versions of the browsers.
"There have been reports of active exploitation of a high-severity vulnerability affecting Google Chrome," SingCERT, which falls under the Cyber Security Agency of Singapore (CSA), said in an advisory on Monday.
Google Chrome versions prior to 125.0.6422.60 are affected by this vulnerability, which has been designated CVE-2024-4947.
SingCERT said that the vulnerability is caused by a "type confusion bug in the V8 JavaScript engine", adding that it also affects other Chromium-based browsers including Microsoft Edge.
"Successful exploitation of the vulnerability could allow an attacker to perform remote code execution via a crafted malicious HTML page," it said.
The United States National Institute of Standards and Technology has also advised users and administrators affected by the vulnerability to "apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable".
It said that the bug "allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page".
Continue reading...
This comes after reports that hackers are actively exploiting a "high-severity vulnerability" affecting older versions of the browsers.
"There have been reports of active exploitation of a high-severity vulnerability affecting Google Chrome," SingCERT, which falls under the Cyber Security Agency of Singapore (CSA), said in an advisory on Monday.
Google Chrome versions prior to 125.0.6422.60 are affected by this vulnerability, which has been designated CVE-2024-4947.
SingCERT said that the vulnerability is caused by a "type confusion bug in the V8 JavaScript engine", adding that it also affects other Chromium-based browsers including Microsoft Edge.
"Successful exploitation of the vulnerability could allow an attacker to perform remote code execution via a crafted malicious HTML page," it said.
The United States National Institute of Standards and Technology has also advised users and administrators affected by the vulnerability to "apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable".
It said that the bug "allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page".
Continue reading...