
Google on Tuesday released an update that fixes four security issues in its Chrome browser, including an actively exploited zero-day vulnerability.
The issue, tracked as CVE-2024-0519, involves an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which could be exploited by threat actors to trigger a crash.
“By reading out-of-bounds memory, an attacker may be able to obtain secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR to increase the reliability and likelihood of code execution by exploiting individual vulnerabilities, not merely a denial of service,” according to MITRE’s Common Weakness Enumeration (CWE).

Further details about the nature of the attacks and the threat actors who may be exploiting the flaw have been withheld to prevent further exploitation. The issue was reported anonymously on January 11, 2024.
“Out-of-bounds memory access in Google Chrome V8 before 120.0.6099.224 allows a remote attacker to potentially exploit stack corruption via a crafted HTML page,” according to a description of the flaw in the NIST National Vulnerability Database (NVD).
This development marks the first actively exploited zero-day vulnerability that Google has patched in Chrome in 2024. Last year, the tech giant addressed a total of eight such actively exploited zero-day vulnerabilities in the browser.
Users are advised to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply fixes when they become available.
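
One way to check an endpoint inventory against the fixed builds listed above, as an added example that is not part of the original article. The inventory rows, host names and status labels are constructed; versions are compared numerically because a plain string comparison ranks build `.99` above `.224`.

```python
# Fixed Chrome builds per platform, taken from the article.
FIXED = {
    "windows": (120, 0, 6099, 224),
    "macos": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
}

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(os_name, browser, version):
    """Label one install: patched, vulnerable, check-vendor or unknown."""
    if browser.strip().lower() != "chrome":
        # The article gives no fixed builds for other Chromium-based browsers.
        return "check-vendor"
    fixed = FIXED.get(os_name.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"
    # Tuple comparison is numeric and field by field, so 99 < 224 as intended.
    return "patched" if parsed >= fixed else "vulnerable"

# Constructed sample inventory: host,os,browser,version
INVENTORY = """\
ws-014,Windows,Chrome,120.0.6099.225
ws-022,Windows,Chrome,120.0.6099.99
mac-03,macOS,Chrome,120.0.6099.224
lnx-07,Linux,Chrome,121.0.6167.85
ws-031,Windows,Edge,120.0.2210.133
lnx-09,Linux,Chrome,120.0.6099
"""

def audit(inventory):
    """Map each host in the CSV-like inventory to its status."""
    results = {}
    for line in inventory.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            continue  # skip malformed rows rather than guessing
        host, os_name, browser, version = fields
        results[host] = classify(os_name, browser, version)
    return results

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Note that `mac-03` is reported as vulnerable: build `.224` is the fixed build on Windows and Linux but is below the macOS fixed build `.234`.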