New Chrome 125.0.6422.60/.61 for Windows available
For the third time in a week, Google has released an emergency security update for the Chrome web browser. An exploit for a new zero-day vulnerability in the browser is once again circulating in the wild.
In the release announcement, Google's developers write that the new version closes a total of nine security vulnerabilities. They provide brief information for only four of them; the other five were therefore found internally. Of the four, two were classified as high risk, one as medium and one as low.
A type confusion vulnerability affects the JavaScript engine V8. In a type confusion, the data being processed does not match the type the program code expects, which can lead to out-of-bounds memory access and, in some cases, to the execution of injected code. In this case, attackers can abuse the vulnerability with a maliciously crafted website to execute arbitrary code within a sandbox (CVE-2024-4947, risk high). Google is aware of exploits for this vulnerability circulating in the wild.
The new versions also close a use-after-free vulnerability in the Dawn browser component (CVE-2024-4948, high) and one in the V8 JavaScript engine (CVE-2024-4949, medium) as well as an inappropriate implementation in downloads (CVE-2024-4950, low).
The fixed browser versions are Chrome 125.0.6422.53 for Android, 125.0.6422.60 for Linux and 125.0.6422.60/.61 for macOS and Windows. The extended stable version has also been updated; the current version is now 124.0.6367.221 for macOS and Windows. If you use Google Chrome, you should make sure that the current version is installed and active.
You can check whether the current version is already active on your computer in the Chrome version dialog. To open it, click the settings menu, which is the icon with three vertically stacked dots to the right of the address bar, and choose Help – About Google Chrome.
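For more than a handful of machines, the same check can be scripted against collected version strings. The following is an added example, not part of the original article or of Google's tooling: it compares per milestone so that the extended stable build 124.0.6367.221 is not wrongly flagged by a plain "at least 125.0.6422.60" test. The host names and inventory are constructed, and treating milestones newer than 125 as fixed is an assumption.

```python
import re

# Fixed builds taken from the article, keyed by platform and milestone.
# The 124 entries are the extended stable channel (macOS and Windows only).
FIXED = {
    "windows": {125: (125, 0, 6422, 60), 124: (124, 0, 6367, 221)},
    "macos":   {125: (125, 0, 6422, 60), 124: (124, 0, 6367, 221)},
    "linux":   {125: (125, 0, 6422, 60)},
    "android": {125: (125, 0, 6422, 53)},
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from text such as 'Google Chrome 125.0.6422.60'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(platform, version_text):
    """Return True if the reported version is at or above the fixed build for its milestone."""
    fixed = FIXED[platform.lower()]
    version = parse_version(version_text)
    major = version[0]
    if major in fixed:
        # Same milestone as a fixed build: compare the full four-part tuple.
        return version >= fixed[major]
    # Assumption: milestones newer than the latest fixed one carry the fix; older ones do not.
    return major > max(fixed)

def needs_update(inventory):
    """Return the host names from (host, platform, version_text) rows that are not patched."""
    return [host for host, platform, text in inventory if not is_patched(platform, text)]

# Constructed sample inventory, not real hosts.
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 125.0.6422.61"),
    ("ws-02", "windows", "Google Chrome 124.0.6367.221"),  # extended stable, fixed
    ("mac-01", "macos", "Google Chrome 124.0.6367.207"),
    ("lin-01", "linux", "Google Chrome 125.0.6422.60"),
    ("and-01", "android", "Chrome 125.0.6422.52"),
]

if __name__ == "__main__":
    print(needs_update(INVENTORY))
```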