【Vulnerability Alert】Security Vulnerability in Chromium-Based Browsers (CVE-2024-4947)

【Vulnerability Alert】Security Vulnerability in Chromium-Based Browsers (CVE-2024-4947) – Please Verify and Patch Immediately

publish date : 2024-05-30 update date : 2024-05-30

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024053010051313	Publication Time	2024/05/30 11:10
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/05/30 11:10
Impact Level	Medium
[Subject] 【Vulnerability Alert】Security Vulnerability in Chromium-Based Browsers (CVE-2024-4947) – Please Verify and Patch Immediately
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202405-00000203 Researchers have identified a Type Confusion vulnerability (CVE-2024-4947) in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, Brave, and Opera. Remote attackers can exploit this vulnerability to execute arbitrary code within the sandbox. This vulnerability has already been exploited by hackers. Please verify and take appropriate measures immediately. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] ● Google Chrome versions below 125.0.6422.60 ● Microsoft Edge (Based on Chromium) versions below 124.0.2478.109 ● Vivaldi versions below 6.7.3329.35 ● Brave versions below 1.66.110 ● Opera stable versions below 110.0.5130.39
[Recommended Actions] 1.Please update Google Chrome to version 125.0.6422.60 or above https://support.google.com/chrome/answer/95414?hl=en 2.Please update Microsoft Edge to version 124.0.2478.109 or above https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1 3.Please update Vivaldi to version 6.7.3329.35 or above https://help.vivaldi.com/desktop/install-update/update-vivaldi/ 4.Please update Brave to version 1.66.110 or above https://community.brave.com/t/how-to-update-brave/384780 5.Please update Opera stable to version 110.0.5130.39 or above https://help.opera.com/en/latest/crashes-and-issues/
[Reference] 1. https://support.google.com/chrome/answer/95414?hl=zh-Hant 2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1 3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/ 4. https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html 5. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-494 6. https://vivaldi.com/blog/desktop/minor-update-six-6-7/ 7. https://community.brave.com/t/release-channel-1-66-110/548851/1 8. https://blogs.opera.com/desktop/2024/05/opera-110-0-5130-39-stable-update/

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center