Google fixes an actively exploited Chrome zero-day

Malicious actors could use the Chrome zero-day vulnerability to crash the browser.

Google issued updates to fix four flaws in the Chrome browser. One of the vulnerabilities, tracked as CVE-2024-0519, is a zero-day bug that has been exploited.

“Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild,” the company said.

The high-severity bug is an out-of-bounds memory access in V8, the JavaScript engine that Chrome employs. The vulnerability allows reading or writing data beyond the allocated memory space, which could result in memory corruption that could potentially crash the browser.

Attackers could abuse the flaw to obtain secret values such as memory addresses, which could theoretically help malicious actors achieve code execution.

Google does not provide additional details about the zero-day or the exploit used to abuse it. The company only said that an anonymous researcher reported the flaw on January 11th.

Zero-day vulnerabilities are software, hardware, or firmware security flaws unknown to the vendor or developers. They’re called “zero-day” because when attackers exploit them, developers have had “zero days” to find a fix.

Since these vulnerabilities are unknown, no patches or defenses are usually available when they’re exploited, making them highly dangerous and difficult to defend against.
