Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

Google fixed four security flaws in its Chrome browser on Tuesday, including a zero-day vulnerability that is being actively exploited. The flaw, tracked as CVE-2024-0519, is an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which threat actors can weaponize to cause a crash.

"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be used to bypass protection mechanisms such as ASLR to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service," according to MITRE's Common Weakness Enumeration.

To prevent further exploitation, additional details about the nature of the attacks and the threat actors that might be behind them have been withheld. The problem was reported anonymously on January 11, 2024.

The National Vulnerability Database (NVD) maintained by NIST describes the problem as follows: "Out-of-bounds memory access in V8 in Google Chrome before 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."

With this update, Google has patched the first actively exploited zero-day vulnerability in Chrome in 2024. The tech giant fixed eight such actively exploited browser zero-days last year. To reduce possible risks, users are advised to update to Chrome versions 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux.

It's also recommended that users of Chromium-based browsers like Vivaldi, Microsoft Edge, Brave, and Opera apply the fixes as soon as they become available.
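
An added example, not from the original article or from Google: a Python check that flags Google Chrome installations older than the fixed builds listed above for each platform. The inventory rows and function names are constructed for illustration, and the check covers Chrome only, since other Chromium-based browsers use their own version numbers.

```python
# Added example: flag Chrome installs older than the fixed builds for CVE-2024-0519.
# Fixed versions come from the article; the inventory rows below are constructed.
import re

FIXED = {
    "windows": (120, 0, 6099, 224),
    "macos": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 120.0.6099.216'; return None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unparseable data is never treated as safe
    # Tuples compare numerically, so .99 sorts below .224 (a string
    # comparison would get this wrong). Assumes stable-channel builds.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Return (host, platform, version_text, status) for every row that is not patched."""
    rows = ((h, p, v, status(p, v)) for h, p, v in inventory)
    return [row for row in rows if row[3] != "patched"]


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "Google Chrome 120.0.6099.225"),
    ("ws-002", "windows", "Google Chrome 120.0.6099.217"),
    ("mac-001", "macos", "Google Chrome 120.0.6099.224"),  # below the macOS fix (.234)
    ("lnx-001", "linux", "Google Chrome 121.0.6167.85"),
    ("lnx-002", "linux", "version not reported"),
]

if __name__ == "__main__":
    for host, platform, version_text, state in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {platform:8} {state:10} {version_text}")
```

Hosts reported as "unknown" need manual follow-up rather than being counted as patched.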