Update Chrome now to fix a new, actively exploited vulnerability


Google released updates on Tuesday to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.

The problem, tracked as CVE-2024-0519, involves an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to cause a crash.

“By reading out-of-bounds memory, an attacker can obtain secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR to improve reliability and the likelihood of exploiting a discrete weakness to gain code execution instead of just denial of service,” according to MITRE’s Common Weakness Enumeration (CWE).

Additional details about the nature of the attacks and the threat actors potentially exploiting them have been withheld in an effort to prevent further exploitation. The issue was reported anonymously on January 11, 2024.

“Out-of-bounds memory access in V8 in Google Chrome before 120.0.6099.224 potentially allowed a remote attacker to exploit heap corruption via a crafted HTML page,” reads one description of the error on the NIST National Vulnerability Database (NVD).

The development marks the first actively exploited zero-day to be patched by Google in Chrome in 2024. Last year, the tech giant resolved a total of eight such actively exploited zero-days in the browser.

Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to apply the fixes as they become available.
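For administrators checking a fleet against the fixed Chrome builds listed above, the following is an added example (not from Google or the original article) that compares reported versions numerically per platform. The inventory rows, hostnames and function names are constructed for illustration; the thresholds apply to Chrome only, since other Chromium-based browsers use their own version numbers.

```python
# Added example: flag Chrome installs older than the fixed builds named in the article.
# Minimum fixed build per platform, taken from the article text.
FIXED = {
    "windows": (120, 0, 6099, 224),
    "macos": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
}


def parse_version(text):
    """Parse a four-part Chrome version string; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(os_name, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one install."""
    fixed = FIXED.get(os_name.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or unparseable version
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "120.0.6099.99" above "120.0.6099.224".
    return "patched" if version >= fixed else "vulnerable"


# Constructed inventory: hostnames and reported versions are made up.
INVENTORY = [
    ("ws-001", "windows", "120.0.6099.217"),
    ("ws-002", "windows", "120.0.6099.225"),
    ("mac-001", "macos", "120.0.6099.224"),   # fixed on Linux, not on macOS
    ("lnx-001", "linux", "120.0.6099.99"),
    ("lnx-002", "linux", "121.0.6167.85"),
    ("lnx-003", "linux", "120.0.6099"),       # truncated report
]


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(os_name, ver) for host, os_name, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```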
