Article Details
Scrape Timestamp (UTC): 2024-01-17 02:25:42.634
Source: https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html
Original Article Text
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.

The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.

"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service," according to MITRE's Common Weakness Enumeration (CWE).

Additional details about the nature of the attacks and the threat actors that may be exploiting the flaw have been withheld in an attempt to prevent further exploitation. The issue was reported anonymously on January 11, 2024.

"Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," reads a description of the flaw on NIST's National Vulnerability Database (NVD).

The development marks the first actively exploited zero-day to be patched by Google in Chrome in 2024. Last year, the tech giant resolved a total of 8 such actively exploited zero-days in the browser.

Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Daily Brief Summary
Google has released an update to fix a zero-day vulnerability in the Chrome browser that was actively being exploited by attackers.
The vulnerability is identified as CVE-2024-0519 and involves an out-of-bounds memory access in the V8 JavaScript engine that could lead to heap corruption.
Attackers exploiting this flaw could bypass security mechanisms, potentially leading to code execution beyond just causing a denial of service.
Detailed information about the attacks and the identities of threat actors have been withheld to prevent further exploitation.
The flaw was anonymously reported and Chrome users must update to the latest versions provided for Windows, macOS, and Linux to protect against the risk.
This is the first actively exploited Chrome zero-day patched in 2024, following eight such zero-days resolved by Google in the previous year.
Users of other Chromium-based browsers are encouraged to stay vigilant and apply relevant updates as they are made available.