Google Patches 3rd Zero-Day Exploit in Chrome

Google has been having quite a week because it just patched its third zero-day vulnerability in Chrome within seven days. The latest culprit? CVE-2024-4947.

If you think that sounds technical, you’re right, but stick with me. This affects almost everyone using the internet, so it’s worth unpacking.

TL;DR Version: CVE-2024-4947 is a zero-day vulnerability in Chrome that’s being actively exploited. This makes it the third vulnerability that has been fixed in Chrome within the past week.

In layman’s terms, zero-day means the folks exploiting it found the vulnerability before Google could patch it. Yikes.

The Official Statement from Google

Google dropped this bombshell in its official blog: “The Stable channel has been updated to 117.0.5938.132 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.”

Yup, they’re basically saying update your browser ASAP to avoid falling prey to these exploits because they are, in fact, being used on the greater public right now.

The Chain of Events

The first zero-day, CVE-2024-4868, raised a ruckus earlier in the week, followed closely by CVE-2024-4946. And now, CVE-2024-4947 completes this hat-trick of headaches for Google’s security team.

Dive Deeper: What is CVE-2024-4947? According to Bleeping Computer, this zero-day revolves around an exploit discovered in Chrome’s rendering engine, which is a pretty key part of the browser.

Google Chrome updating version window displayed.
Image: KnowTechie

This exploit has been used actively in the wild, meaning bad actors have been taking advantage of it while the rest of us were blissfully unaware.

Why Should You Care?

These vulnerabilities can be used for everything from stealing personal information to deploying ransomware. Not updating your browser is akin to locking your front door but leaving the window open.

Protecting Yourself: To update Chrome, go to your Chrome settings and update to version 117.0.5938.132.

iOS automatic updates turned on mockup
Image: KnowTechie

Bonus points: Enable Automatic Updates – make sure your browser and OS are set to update automatically.

Sure, Google might have fixed CVE-2024-4947, but it really makes you think, doesn’t it? Cyber threats are getting smarter and more complex every day.

It’s a good reminder that keeping our software updated and staying sharp with our cybersecurity habits is more important than ever. Stay safe out there.

