In its latest release notes, Google discloses a newly discovered 0-day vulnerability that is already being exploited in the wild. The update addresses the issue, and the active exploitation makes installing it urgent. This is the first 0-day exploit reported in the Chrome browser in 2024.
New Google Chrome 0-day Vulnerability
Google issued a Chrome browser update on January 16, addressing three vulnerabilities, including one reported anonymously with the identifier CVE-2024-0519. The company acknowledges that this particular vulnerability has been exploited in the wild.
The primary vulnerability arises from improper memory access control in the V8 JavaScript engine used by Chrome, and falls under the CWE-119 designation. Chrome’s operation involves direct memory addressing, and inadequate handling makes it possible to reference the wrong memory location. Exploiting this allows attackers to read from and write to arbitrary memory areas, leading to data leaks and arbitrary code execution.
In addition to the critical issue, the update addresses two high-severity vulnerabilities. Both pertain to the V8 JavaScript engine, focusing on the absence of memory write validation and type confusion. The latter vulnerability, akin to CVE-2024-0519, demands similar attention due to its potential impact. Fortunately, these two high-severity vulnerabilities have not been exploited in the real world.
GOOGLE RELEASES FIX TO THE NEWEST 0-DAY EXPLOIT
| OS | Version with Fix |
|---|---|
| Windows | 120.0.6099.224(225) |
| macOS | 120.0.6099.234 |
| Linux | 120.0.6099.224 |
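
To check a fleet inventory against the fixed versions in the table, the following added example (not code from Google or from this article) compares reported Chrome version strings numerically, per OS. The host names, the sample inventory and the choice of .224 as the Windows floor are assumptions of the example.

```python
import re

# Minimum fixed build per OS, taken from the table above. Windows is listed as
# "120.0.6099.224(225)"; treating .224 as the floor is an assumption here.
FIXED = {
    "windows": (120, 0, 6099, 224),
    "macos": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull the four-part version out of strings like 'Google Chrome 120.0.6099.216'."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(os_name, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' (unlisted OS or unparsable version)."""
    floor = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so .99 sorts below .224
    # (a plain string comparison would get this wrong).
    return "patched" if version >= floor else "vulnerable"


def audit(inventory):
    """Return (host, status) for every entry that is not confirmed patched."""
    results = [(host, classify(os_name, ver)) for host, os_name, ver in inventory]
    return [(host, status) for host, status in results if status != "patched"]


# Constructed sample inventory: hosts and version strings are illustrative only.
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 120.0.6099.225"),
    ("ws-02", "Windows", "120.0.6099.217"),
    ("mac-01", "macOS", "120.0.6099.224"),  # fixed on Windows/Linux, not on macOS
    ("lin-01", "Linux", "120.0.6099.99"),
    ("lin-02", "Linux", "121.0.6167.85"),
    ("kiosk-01", "Linux", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Entries reported as unknown should be treated as unpatched until their version is confirmed.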