Another Google Chrome 0-day vulnerability fixed: update asap

[harlan4096]

Google released a security update for its Chrome web browser to address another 0-day security vulnerability. This is the second 0-day vulnerability that Google fixed in Chrome in recent time and the third security update since the release of Chrome 123 on March 20, 2024.

Chrome users may want to update the browser immediately to protect it against potential attacks.

Load chrome://settings/help on the desktop to find out if Chrome is up to date. Chrome is up to date if you see one of the following versions: 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.

The browser should pick up the newest security update if an older version is installed. Note that this works only on desktop systems. Chrome for Android updates are managed by Google Play.

0-day JavaScript vulnerability



The vulnerability was shown to the public during the Pwn2Own hacking contest in March 2024 for the first time. Demoed by security researchers Edouard Bochin and Tao Yan, the researchers managed to exploit Chrome and also Microsoft Edge during the competition using the exploit.

This earned them $42500 in price money during the competition. According to the official announcement, the exploit used an out of bounds read "plus a novel technique" to defeat V8 hardening and execute arbitrary code in the renderer.

Other Chromium-based web browsers are also affected by the issue, as it affects a shared component. Some of the browsers may have been updated already as a reaction to the reported security issue.
...

Continue Reading