‘High-severity vulnerability’ found in Google Chrome, Microsoft Edge; SingCERT advises users to update browsers

SINGAPORE: Users and administrators of Google Chrome and varied Chromium-based mostly browsers, along side Microsoft Edge, could maybe additionally soundless change their browsers to their latest versions directly, the Singapore Cyber Emergency Response Team (SingCERT) acknowledged on Monday (Would possibly well unprejudiced 27).

This comes after experiences that hackers are actively exploiting a “excessive-severity vulnerability” affecting older versions of the browsers.

“There bask in been experiences of intriguing exploitation of a excessive-severity vulnerability affecting Google Chrome,” SingCERT, which falls beneath the Cyber Security Agency of Singapore (CSA), acknowledged in an advisory on Monday.

Google Chrome versions sooner than 125.0.6422.60 are tormented by this vulnerability, which has been designated CVE-2024-4947.

SingCERT acknowledged that the vulnerability is attributable to a “kind confusion malicious program within the V8 JavaScript engine”, adding that it additionally impacts varied Chromium-based mostly browsers along side Microsoft Edge.

“Winning exploitation of the vulnerability could maybe additionally allow an attacker to manufacture far off code execution through a crafted malicious HTML page,” it acknowledged.

The US National Institute of Requirements and Technology has additionally told users and administrators tormented by the vulnerability to “apply mitigations per seller instructions or discontinue insist of the product if mitigations are unavailable”.

It acknowledged that the malicious program “allowed a far off attacker to pause arbitrary code interior a sandbox through a crafted HTML page”.