SingCERT Urges Immediate Browser Updates Due to High-Severity Vulnerability

SingCERT, a division of the Cyber Security Agency of Singapore (CSA), has advised users and administrators of Google Chrome and other Chromium-based browsers, such as Microsoft Edge, to update their browsers to the latest versions without delay. This recommendation follows reports indicating active exploitation of a “high-severity vulnerability” affecting older browser versions.

According to SingCERT’s advisory released on Monday, the vulnerability, identified as CVE-2024-4947, primarily impacts Google Chrome versions preceding 125.0.6422.60. The vulnerability stems from a “type confusion bug in the V8 JavaScript engine” and also affects other Chromium-based browsers such as Microsoft Edge.

SingCERT underscores that successful exploitation of the vulnerability could lead to remote code execution via a maliciously crafted HTML page.

The United States National Institute of Standards and Technology (NIST) has also weighed in on the issue, advising affected users and administrators to apply mitigations as per vendor instructions, or to consider discontinuing use of the product if mitigations are not available.

Describing the nature of the bug, NIST notes that it allows a remote attacker to execute arbitrary code within a sandbox through a carefully crafted HTML page.
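For administrators checking a fleet against the fixed Chrome build named above, the following is an added example (not part of the SingCERT advisory) that classifies browser version strings. It assumes each host reports a line in the shape of the browser's `--version` output; the hostnames and sample versions are constructed, and because the article gives no fixed build for Edge or other Chromium-based browsers, those are flagged for a vendor check rather than judged.

```python
import re

# Fixed Google Chrome build stated in the article for CVE-2024-4947.
FIXED_CHROME = (125, 0, 6422, 60)

# "<product name> <a.b.c.d>", optionally followed by a channel label.
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+(?:\.\d+){3})\b")

def parse_version_line(line):
    """Return (product, (a, b, c, d)) or None if the line is not a version string."""
    m = VERSION_RE.match(line.strip())
    if not m:
        return None
    return m.group("product"), tuple(int(p) for p in m.group("ver").split("."))

def classify(line):
    """Classify one reported version line against the fixed Chrome build."""
    parsed = parse_version_line(line)
    if parsed is None:
        return "unparsed"          # e.g. the command failed on that host
    product, version = parsed
    if product != "Google Chrome":
        return "check-vendor"      # fixed build for this browser is not in the article
    # Compare as integer tuples: a plain string comparison would rank
    # "125.0.6422.9" above "125.0.6422.60" and miss a vulnerable host.
    return "vulnerable" if version < FIXED_CHROME else "patched"

# Constructed inventory (hostnames and versions are sample data).
SAMPLE_INVENTORY = {
    "host-a": "Google Chrome 124.0.6367.207",
    "host-b": "Google Chrome 125.0.6422.9",
    "host-c": "Google Chrome 125.0.6422.60",
    "host-d": "Google Chrome 125.0.6422.112 beta",
    "host-e": "Microsoft Edge 124.0.2478.97",
    "host-f": "command not found",
}

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in sorted(inventory.items())}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}\t{SAMPLE_INVENTORY[host]}")
```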