Google on Tuesday launched updates to repair 4 safety points in its Chrome browser, together with an actively exploited zero-day flaw.
The problem, tracked as CVE-2024-0519, considerations an out-of-bounds reminiscence entry within the V8 JavaScript and WebAssembly engine, which could be weaponized by menace actors to set off a crash.
“By studying out-of-bounds reminiscence, an attacker would possibly be capable to get secret values, comparable to reminiscence addresses, which could be bypass safety mechanisms comparable to ASLR so as to enhance the reliability and chance of exploiting a separate weak spot to attain code execution as a substitute of simply denial of service,” based on MITRE’s Frequent Weak spot Enumeration (CWE).
Extra particulars in regards to the nature of the assaults and the menace actors which may be exploiting them have withheld in an try to forestall additional exploitation. The problem was reported anonymously on January 11, 2024.
“Out-of-bounds reminiscence entry in V8 in Google Chrome previous to 120.0.6099.224 allowed a distant attacker to doubtlessly exploit heap corruption by way of a crafted HTML web page,” reads a description of the flaw on the NIST’s Nationwide Vulnerability Database (NVD).
The event marks the primary actively exploited zero-day to be patched by Google in Chrome in 2024. Final 12 months, the tech large resolved a complete of 8 such actively exploited zero-days within the browser.
Customers are really useful to improve to Chrome model 120.0.6099.224/225 for Home windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.
Customers of Chromium-based browsers comparable to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they develop into accessible.
Discover more from PressNewsAgency
Subscribe to get the latest posts sent to your email.