The zero-day vulnerability, identified as CVE-2024-0519, stems from a high-severity out-of-bounds memory access weakness in the Chrome V8 JavaScript engine
Google has fixed zero-day vulnerability in its Chrome browser, exploited in the wild marking the first such security incident of the year. The company released a security update to address the issue, emphasising the importance of users updating their browsers promptly to safeguard against potential exploits.
The zero-day vulnerability, identified as CVE-2024-0519, stems from a high-severity out-of-bounds memory access weakness in the Chrome V8 JavaScript engine. This flaw allows attackers to exploit the vulnerability, gaining access to data beyond the allocated memory buffer. In simpler terms, it opens the door for unauthorised access to sensitive information or could lead to a system crash.
The vulnerability arises when the expected sentinel is not located in the out-of-bounds memory, resulting in the reading of excessive data. This can lead to a segmentation fault or buffer overflow, with potential consequences such as unauthorised access or data manipulation. Additionally, the flaw could be leveraged to bypass protection mechanisms like ASLR, facilitating easier code execution through another weakness.
Upon discovering the zero-day vulnerability, Google acted swiftly to release a security update for users in the Stable Desktop channel. Versions for Windows (120.0.6099.224/225), Mac (120.0.6099.234), and Linux (120.0.6099.224) were rolled out globally in less than a week after the report. While the update may take some time to reach all users, Chrome has an automatic update feature that checks for and installs new updates upon the next browser launch.
Apart from CVE-2024-0519, Google also addressed other vulnerabilities in the Chrome browser. These include out-of-bounds write (CVE-2024-0517) and type confusion (CVE-2024-0518) flaws, both capable of allowing arbitrary code execution on compromised devices.
While Google acknowledges the existence of zero-day exploits related to CVE-2024-0519, the company has not disclosed specific details about these incidents. Access to bug details and related links may be restricted until a significant number of users have updated their browsers. Google may also retain restrictions if the vulnerability is found in a third-party library that other projects rely on but have not yet addressed.
In light of the recent zero-day vulnerability in Chrome, users are urged to update their browsers promptly to ensure the security of their systems. Google’s quick response and release of a security patch underscore the company’s commitment to addressing potential threats and enhancing the overall cybersecurity of its browser. Regularly updating software remains a crucial practice for users to stay protected against emerging vulnerabilities and potential exploits.
