You can now find Cyber Kendra on Google News!

Update Chrome Now! Google Fixes Actively Exploited Zero-Day Bug

Google Patches Actively Exploited Zero-Day in Latest Chrome Update

chrome zero day exploit

Google has released an important security update for its Chrome web browser on all platforms, including Windows, Mac, and Linux. This update addresses multiple vulnerabilities in Chrome, including a zero-day that is reportedly being actively exploited in the wild.

The update is available through the stable release channel and brings Chrome up to version 120.0.6099.234 on Mac, 120.0.6099.224 on Linux, and 120.0.6099.224/225 on Windows. The extended stable channel is updated to 120.0.6099.234 on Mac and 120.0.6099.225 on Windows.

Four security vulnerabilities are fixed in this release, with details as follows:

  • [$16,000] High CVE-2024-0517: Out of bounds write in V8. Reported by researcher Toan Pham of Qrious Secure on January 6, 2024.
  • [$1,000] High CVE-2024-0518: Type confusion vulnerability in V8. Reported by Ganjiang Zhou of ChaMd5-H1 team on December 3, 2023.
  • [$TBD] High CVE-2024-0519: Out of bounds memory access in V8. Reported by an anonymous researcher on January 11, 2024.

Google has confirmed reports that CVE-2024-0519 is being actively exploited in the wild, which makes it a critical zero-day vulnerability.

The issue was reported on January 11, 2024, to Google. It affects V8, the JavaScript and WebAssembly engine that Google Chrome uses. All three listed security issues affect the engine in Chrome.

Other Chromium-based browsers are also affected by the issue. Look for security updates for these browsers to protect them against potential attacks on the web.

To update your Chrome browser, open the page chrome://settings/help which you can also find by clicking Settings > About Chrome (on Windows) or Google Chrome > About Google Chrome (on Mac).

If there is an update available, Chrome will start downloading it. Then you have to restart the browser for the update to complete.

In addition to the vulnerabilities reported by external researchers, Google's own internal security efforts resulted in fixes for several other issues. These stemmed from ongoing audits, fuzzing, and other security initiatives within Google.

Google urges all Chrome users to update to the latest version as soon as possible to ensure they are protected against any attempts to exploit these vulnerabilities.

As the Chrome browser has over 3 billion users worldwide, keeping it secure through rapid patching of vulnerabilities is crucial.

Google has a long track record of promptly addressing major security flaws in Chrome when discoveries are reported or issues detected internally.

Last year, Google fixed eight Chrome zero-day bugs exploited in attacks tracked as CVE-2023-7024, CVE-2023-6345, CVE-2023-5217, CVE-2023-4863, CVE-2023-3079, CVE-2023-4762, CVE-2023-2136, and CVE-2023-2033.

Image: hide.me

Post a Comment