Google Releases Security Update Addressing Zero-Day Vulnerability in Google Chrome
Summary
Security update addresses three high-severity vulnerabilities in Google Chrome, including one that is actively exploited, along with one additional undisclosed vulnerability.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Google have released a security update which addresses three high-severity vulnerabilities in Google Chrome for Windows, Mac, and Linux, including one which is under active exploitation.
The high-severity zero-day vulnerability, tracked as CVE-2024-0519, involves an out-of-bounds memory access in V8 in Google Chrome that could allow an attacker to exploit heap corruption via a crafted HTML page.
CVE-2024-0517 and CVE-2024-0518 involve, respectively, an out-of-bounds write and a type confusion in V8 in Google Chrome, and could also allow an attacker to exploit heap corruption via a crafted HTML page.
Exploitation of CVE-2024-0519
Google have reported that CVE-2024-0519 is actively being exploited in the wild.
Remediation advice
Affected organisations are encouraged to review the Chrome Release and update to the latest release.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 17 January 2024 4:39 pm