On Tuesday, Google released patches for four security issues in its Chrome browser, one of which is a zero-day flaw that was being actively exploited.
The vulnerability, tracked as CVE-2024-0519, is an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine. Threat actors could leverage it to cause a crash.
“By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service,” according to the Common Weakness Enumeration (CWE).
To prevent further exploitation, additional details about the nature of the attacks and the threat actors that may be behind them have been withheld. The issue was reported anonymously on January 11, 2024.
“Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” states a description of the bug in the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST).
This is the first actively exploited zero-day vulnerability that Google has patched in Chrome in 2024. The tech giant fixed a total of eight actively exploited zero-days in the browser in the previous year.
To protect against potential threats, users are strongly encouraged to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux.
Users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as soon as they become available.