Google on Tuesday introduced updates to repair 4 security issues in its Chrome browser, which includes an actively exploited zero-day flaw.
“By reading through out-of-bounds memory, an attacker could be in a position to get mystery values, these as memory addresses, which can be bypass safety mechanisms such as ASLR in get to strengthen the dependability and likelihood of exploiting a independent weak point to realize code execution as an alternative of just denial of provider,” according to MITRE’s Typical Weak spot Enumeration (CWE).
Extra specifics about the nature of the attacks and the threat actors that may well be exploiting them have withheld in an endeavor to protect against additional exploitation. The issue was documented anonymously on January 11, 2024.
“Out-of-bounds memory access in V8 in Google Chrome prior to 120..6099.224 permitted a remote attacker to potentially exploit heap corruption by using a crafted HTML web page,” reads a description of the flaw on the NIST’s National Vulnerability Databases (NVD).
The advancement marks the initially actively exploited zero-working day to be patched by Google in Chrome in 2024. Previous year, the tech giant solved a whole of 8 these types of actively exploited zero-days in the browser.
Users are advisable to update to Chrome edition 120..6099.224/225 for Windows, 120..6099.234 for macOS, and 120..6099.224 for Linux to mitigate potential threats.
Buyers of Chromium-primarily based browsers these kinds of as Microsoft Edge, Courageous, Opera, and Vivaldi are also encouraged to implement the fixes as and when they come to be obtainable.
Discovered this write-up appealing? Adhere to us on Twitter and LinkedIn to examine much more distinctive written content we publish.
Some sections of this short article are sourced from: