Google Chrome Browser Zero-Day Vulnerability Exploited in Wild


Google has released the first Chrome security update of 2024, which includes a fix for a zero-day bug actively exploited in the wild.

The update to Google Chrome 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows will be released over the coming days or weeks.

Attackers value zero-day flaws because software vendors do not yet know about them, which makes them useful for launching attacks before security patches are developed.

Exploiting a zero-day flaw can also give threat actors a strategic advantage in launching targeted and undetected attacks.

Recently, the following cybersecurity researchers identified multiple vulnerabilities, along with a zero-day flaw exploited in the wild:

  • CVE-2024-0517 Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06
  • CVE-2024-0518 Reported by Ganjiang Zhou (@refrain_areu) of ChaMd5-H1 team on 2023-12-03
  • CVE-2024-0519 Reported by Anonymous on 2024-01-11

The zero-day (CVE-2024-0519) is an out-of-bounds memory access in the V8 JavaScript engine. However, Google didn’t provide details regarding the attack scope or telemetry.

At the moment, Google has confirmed that the vulnerability, which was reported anonymously, is actively exploited in the wild.


Zero-Day Flaw Profile

  • CVE ID: CVE-2024-0519
  • Description: Out-of-bounds memory access in V8
  • Reporting: Anonymous
  • Reported date: 2024-01-11
  • Severity: HIGH

Additionally, Google has stated that it won’t release the bug details until most users have updated. Restrictions also remain for third-party library bugs affecting dependent projects without fixes.

Google rewarded the respective researchers for their discoveries. For CVE-2024-0517, Toan (suto) Pham of Qrious Secure was rewarded with $16,000; for CVE-2024-0518, Ganjiang Zhou (@refrain_areu) of the ChaMd5-H1 team was rewarded with $1000; and for CVE-2024-0519, the reward is not yet declared.

Stable Channel Update

The latest Chrome update covers two high-risk V8 memory safety issues and multiple internal fixes. The recent update patches the code execution vulnerabilities, and at least seven zero-days were patched by Google in 2023.

Stable channel updates:

  • Mac (120.0.6099.234)
  • Linux (120.0.6099.224)
  • Windows (120.0.6099.224/225) 

Extended Stable Updates:

  • Mac (120.0.6099.234)
  • Windows (120.0.6099.225)

Cybersecurity researchers at Google strongly urged users to immediately update their vulnerable Chrome variant to the latest patched version to mitigate the security threats.

Update Now!

To update the Chrome web browser, follow the steps below:

  • First of all, go to the Settings option.
  • Then select About Chrome.
  • Now, you must wait, as Chrome will automatically fetch and download the latest update.
  • Then, wait for the latest version to be installed.
  • Once the installation process is complete, you will have to restart Chrome.
  • That’s it. Now you are done.
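For a fleet rather than a single machine, the same check can be run against inventory data. The following is an added example, not code from Google or from this article: it compares collected Chrome version strings with the fixed builds listed above. The host names and sample versions are constructed, and it assumes any build numerically at or above the listed one contains the fix.

```python
import re

# First fixed Stable build per platform, copied from the article.
FIXED = {
    "mac": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
    "windows": (120, 0, 6099, 224),  # article lists .224/.225; .224 is the lower
}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version found in text as a tuple, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(platform, version_text):
    """True if at/above the fixed build, False if older, None if unknown."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None  # unknown platform or unparseable version
    return version >= fixed


def audit(inventory):
    """Return (host, state) for every host that is outdated or unknown."""
    findings = []
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is not True:
            findings.append((host, "unknown" if status is None else "outdated"))
    return findings


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("mac-01", "mac", "Google Chrome 120.0.6099.216"),
    ("mac-02", "mac", "Google Chrome 120.0.6099.234"),
    ("lin-01", "linux", "Google Chrome 120.0.6099.224"),
    ("win-01", "windows", "120.0.6099.100"),
    ("win-02", "windows", "121.0.0.1"),
    ("lin-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE):
        print(f"{host}: {state}")
```

Hosts reported as "unknown" need a manual check, since a missing or unreadable version is not evidence of a patched browser.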
