Source: www.databreachtoday.com – Author: 1
Google Fixes Out-of-Bounds Memory Access Flaw, Microsoft Edge Browser Also Affected
Mihir Bagwe (MihirBagwe) •
January 17, 2024
Google released an emergency fix for the first zero-day vulnerability of the year in its Chrome web browser, warning that the bug is under active exploitation.
See Also: Live Webinar | Integrating Splunk and Panther for Real-Time Alerting and Custom Dashboarding
The Silicon Valley giant disclosed limited details Tuesday in an advisory detailing little about the vulnerability, tracked as CVE-2024-0519, other than saying it is an out-of-bounds memory access flaw in its V8 JavaScript rendering engine.
The high-severity zero-day could allow a remote attacker to exploit heap corruption using a crafted malicious HTML page.
Microsoft said it is aware of the zero-day exploit existing and is developing a patch for its Edge browser, which is based on the Chromium open-source code. It recommended users opt in to Edge browser’s enhanced security mode feature.
Microsoft has designed a set of enhanced security features that follow a “defense in depth” approach that “helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse.”
The Chrome web browser had a worldwide market share of roughly half, as of August, while Edge claimed approximately 8%.
The flaw is in Google’s open-source JavaScript and WebAssembly engine V8, which is written in C++ language. This engine translates JavaScript code directly into machine code – a digital language that CPUs can understand – so that computers can execute the translated or compiled code. V8 is used widely in Google Chrome, Brave, Opera, Vivaldi and Microsoft Edge.
Hackers also targeted the V8 engine in 2023. Google patched two V8 zero days – CVE-2023-3079 and CVE-2023-2033 – last year.
Original Post url: https://www.databreachtoday.com/chrome-patches-first-zero-day-2024-exploited-in-wild-a-24119
Category & Tags: –
