Malicious actors could use the Chrome zero-day vulnerability to crash the browser.
Google issued updates to fix four flaws in the Chrome browser. One of the vulnerabilities tracked as CVE-2024-0519 is a zero-day bug that’s been exploited.
“Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild,” the company said.
Attackers could abuse the flaw to get secret values like memory addresses, which could theoretically lead malicious actors to achieve code execution.
Google does not provide additional details about the zero-day or the exploit used to abuse it. The company only said that an Anonymous researcher informed the company about the flaw on January 11th.
Zero-day vulnerabilities are software, hardware, or firmware security flaws unknown to the vendor or developers. They’re called “zero-day” because when attackers exploit them, developers have had “zero days” to find a fix.
Since these vulnerabilities are unknown, no patches or defenses are usually available when they’re exploited, making them highly dangerous and difficult to defend against.
More from Cybernews:
Subscribe to our newsletter