Google has patched a high-severity security flaw in its Chrome browser, the first Chrome zero-day of 2024. The vulnerability, tracked as CVE-2024-0519, was disclosed in a Google security advisory that confirmed an exploit for it exists in the wild.
The zero-day is an out-of-bounds memory access weakness in Chrome's V8 JavaScript engine. It lets an attacker read beyond the end of a memory buffer, which can expose sensitive data from adjacent memory or crash the process. MITRE's description of this weakness class explains how the crash arises: code that reads a variable amount of data often assumes a sentinel (such as a NUL terminator) will stop the read, but that sentinel may not be present in the out-of-bounds memory, so the read keeps going and can end in a segmentation fault or a buffer overflow.
To counter this threat, Google released patches for the Stable Desktop channel of Chrome, with updates available for Windows (120.0.6099.224/225), Mac (120.0.6099.234), and Linux (120.0.6099.224) users. The update rollout began less than a week after Google was notified of the issue. BleepingComputer confirmed that the security update was immediately available for download, though Google mentioned it could take days or weeks to reach all users.
Chrome users can update manually from the browser's About page or rely on Chrome's automatic updater, which downloads the new build in the background and applies it the next time the browser is relaunched. Because CVE-2024-0519 lets a web page read memory it should not see, it can also be used to leak addresses and so defeat mitigations such as ASLR, making it easier to turn a separate memory-corruption bug into code execution.
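The two mechanisms described above, a read that runs past its buffer because an expected sentinel is missing, and the resulting leak of a neighbouring pointer that undermines ASLR, are illustrated below in a small C program. This is an added, constructed example of the weakness class, not code from Chrome or V8 and not a reproduction of CVE-2024-0519: the `struct record` layout, the unterminated `"AAAAAAAA"` name and the fake `code_ptr` value are all invented for the demo. The vulnerable scan is capped at the end of the enclosing object so the program itself stays defined C; real buggy code has no such cap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record for the demo: a fixed-size name field that is
 * supposed to be NUL-terminated, followed by a pointer-sized value that
 * stands in for a code or heap pointer an attacker wants to learn. */
struct record {
    char     name[8];
    uint64_t code_ptr;
};

/* Vulnerable pattern: walk from name[0] until a NUL is found, trusting
 * that a sentinel exists. When the name fills all eight bytes, the walk
 * continues into code_ptr. The loop is capped at the end of the enclosing
 * object so this demo stays defined C; real buggy code has no such cap and
 * keeps reading until it meets a NUL or an unmapped page (segfault). */
size_t unsafe_name_len(const struct record *r)
{
    const unsigned char *base = (const unsigned char *)r;
    const unsigned char *end  = base + sizeof *r;
    const unsigned char *p    = base + offsetof(struct record, name);
    size_t n = 0;
    while (p + n < end && p[n] != '\0')
        n++;
    return n;
}

/* Copies the name as the vulnerable code sees it. Any bytes beyond
 * name[8] are whatever sits next to the field in memory. Returns the
 * number of bytes written. */
size_t unsafe_copy_name(const struct record *r, unsigned char *out, size_t out_cap)
{
    const unsigned char *p = (const unsigned char *)r + offsetof(struct record, name);
    size_t n = unsafe_name_len(r);
    if (n > out_cap)
        n = out_cap;
    memcpy(out, p, n);
    return n;
}

/* Hardened version: the read is bounded by the field size, not by a
 * hoped-for terminator. memchr never looks past sizeof r->name. */
size_t safe_name_len(const struct record *r)
{
    const void *nul = memchr(r->name, '\0', sizeof r->name);
    return nul ? (size_t)((const char *)nul - r->name) : sizeof r->name;
}

/* Constructed worst case: eight non-NUL characters and no terminator.
 * The fake pointer value is chosen with no zero bytes so the scan exposes
 * all of it; a real x86-64 user-space address has zero high bytes, so only
 * the bytes up to the first zero would leak, still enough to defeat ASLR. */
struct record make_unterminated_record(void)
{
    struct record r;
    memcpy(r.name, "AAAAAAAA", sizeof r.name);   /* fills the field, no NUL */
    r.code_ptr = 0x7f5c21e0c0a1b2d3ULL;           /* constructed, not a real address */
    return r;
}

/* Number of bytes the vulnerable scan reads past the end of name. */
size_t demo_over_read_bytes(void)
{
    struct record r = make_unterminated_record();
    return unsafe_name_len(&r) - sizeof r.name;
}

/* Length the hardened function reports for the same record. */
size_t demo_safe_len(void)
{
    struct record r = make_unterminated_record();
    return safe_name_len(&r);
}

/* 1 if the bytes leaked past name are exactly the stored pointer value. */
int demo_leak_is_pointer(void)
{
    struct record r = make_unterminated_record();
    unsigned char out[sizeof r];
    size_t n = unsafe_copy_name(&r, out, sizeof out);
    if (n != sizeof r.name + sizeof r.code_ptr)
        return 0;
    return memcmp(out + sizeof r.name, &r.code_ptr, sizeof r.code_ptr) == 0;
}

int main(void)
{
    struct record r = make_unterminated_record();
    unsigned char out[sizeof r];
    size_t n = unsafe_copy_name(&r, out, sizeof out);

    printf("safe length  : %zu\n", safe_name_len(&r));
    printf("unsafe length: %zu (%zu bytes past the field)\n", n, n - sizeof r.name);
    printf("leaked bytes :");
    for (size_t i = sizeof r.name; i < n; i++)
        printf(" %02x", out[i]);
    printf("\n");
    return 0;
}
```

Run as-is, the hardened function reports a length of 8 and stops, while the sentinel-trusting scan reports 16 and the bytes it copies past the field are the stored pointer, byte for byte. That is the shape of an ASLR bypass: once a page can read a live code or heap address, the randomised base is known and a second bug can be aimed precisely. The fix is the same in C or in a JIT engine: bound the read by the object's real size rather than by a sentinel the attacker controls.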
In addition to CVE-2024-0519, the same update fixed two further V8 bugs: an out-of-bounds write (CVE-2024-0517) and a type confusion flaw (CVE-2024-0518), both of which could be leveraged for arbitrary code execution on a device that renders a malicious page.
Last year, Google addressed eight Chrome zero-day bugs exploited in attacks. Some, like CVE-2023-4762, were used to deploy spyware on devices belonging to high-risk individuals, including journalists and opposition politicians. This highlights the ongoing challenge of cybersecurity and the importance of regular software updates to protect against evolving threats.