Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.
The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.
“By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be used to bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service,” according to MITRE’s Common Weakness Enumeration (CWE).
Additional details about the nature of the attacks and the threat actors that may be exploiting the flaw have been withheld in an attempt to prevent further exploitation. The issue was reported anonymously on January 11, 2024.
“Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” reads a description of the flaw on NIST’s National Vulnerability Database (NVD).
The development marks the first actively exploited zero-day to be patched by Google in Chrome in 2024. Last year, the tech giant resolved a total of 8 such actively exploited zero-days in the browser.
Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
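The upgrade guidance above can be turned into a fleet check. The following is an added example, not code from Google or the original article: it compares inventoried Chrome versions against the per-platform fixed builds listed above and routes other Chromium-based browsers to their vendors' advisories, since their version numbers are not comparable to Chrome's. The inventory rows, host names, and function names are constructed for illustration.

```python
# Added example: classify browser installs against the fixed Chrome builds
# named in the article. All inventory data below is constructed sample data.

# Lowest fixed Chrome build per platform, as stated in the article.
FIXED = {
    "windows": (120, 0, 6099, 224),
    "macos": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
}

def parse_version(text):
    """Return (major, minor, build, patch) as ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(browser, os_name, version):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unknown'."""
    # Edge, Brave, Opera and Vivaldi use their own version numbering, so a
    # Chrome threshold cannot be applied to them; defer to the vendor.
    if browser.lower() != "chrome":
        return "check-vendor"
    fixed = FIXED.get(os_name.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # unlisted platform or unparseable version string
    # Tuple comparison orders versions component by component.
    return "patched" if parsed >= fixed else "vulnerable"

# Constructed inventory rows: (host, browser, os, reported version).
INVENTORY = [
    ("ws-001", "chrome", "windows", "120.0.6099.225"),
    ("mac-014", "chrome", "macos", "120.0.6099.224"),
    ("lnx-007", "chrome", "linux", "119.0.6045.199"),
    ("ws-020", "edge", "windows", "120.0.2210.133"),
    ("lnx-031", "chrome", "linux", "not-reported"),
]

def report(rows):
    """Return [(host, status)] for every inventory row."""
    return [(host, assess(b, o, v)) for host, b, o, v in rows]

if __name__ == "__main__":
    for host, status in report(INVENTORY):
        print(f"{host}: {status}")
```

Note that the macOS host on build 224 is flagged as vulnerable because the fixed macOS build is 234, even though 224 is sufficient on Windows and Linux.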
Some parts of this article are sourced from:
thehackernews.com