"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service," according to the MITRE's Common Weakness Enumeration.
To try to stop future exploitation, more information about the assaults' nature and the threat actors that might be using them has been suppressed. On January 11, 2024, an anonymous report of the problem was made.
The National Vulnerability Database (NVD) maintained by NIST describes the problem as follows: "Out-of-bounds memory access in V8 in Google Chrome before 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
With this approach, Google will patch Chrome for the first actively exploited zero-day vulnerability in 2024. The tech giant fixed eight of these actively exploited browser zero-days last year. To reduce possible risks, users are advised to update to Chrome versions 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux.
It's also recommended that users of Chromium-based browsers like Vivaldi, Microsoft Edge, Brave, Opera, and Opera update the changes as soon as they become available.