PoC on the Network: Chrome Bug That Affected an Entire Country

Will the technical analysis of the vulnerability affect user security?

Experts have published the exploit code and a detailed analysis of the Google Chrome zero-day vulnerability.

The PoC exploit targets a type confusion bug tracked as CVE-2024-5274 (CVSS score: 8.8) in the V8 engine, which is used to process JavaScript in the browser. The problem occurs because the program incorrectly interprets one type of data as another, which can lead to crashes, data corruption, and even arbitrary code execution.

Google initially released a patch for the vulnerability in May 2024, but technical details were withheld to prevent attackers from exploiting the bug. The situation changed after researchers @mistymntncop and @buptsb published the exploit code on GitHub.

The availability of PoC code has both positive and negative aspects. On the one hand, it is useful for information security specialists who can study the vulnerability and develop more effective protective measures. On the other hand, the code can be used by hackers to create real-world exploits and carry out attacks.

This vulnerability was exploited in attacks on Mongolian government websites that affected both iOS and Android users visiting infected sites. The attacks were part of a broader campaign that also exploited another critical Chrome vulnerability, CVE-2024-4671. In both campaigns, the attackers used exploits similar to those used by the commercial spyware companies Intellexa and NSO Group.

Google has already released an update for Chrome - version 125.0.6422.112/.113 for Windows and Mac and version 125.0.6422.112 for Linux. Users are urged to update their browser immediately to protect themselves from possible attacks.
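To check a fleet against the fixed build named above, the following added example (not part of the original post) flags hosts whose Chrome version predates 125.0.6422.112. The inventory format, hostnames and sample versions are constructed for illustration, and only the desktop platforms listed in the article are covered.

```python
import re

# First fixed build per platform, as stated in the article.
FIXED_BUILD = {
    "windows": (125, 0, 6422, 112),
    "mac": (125, 0, 6422, 112),
    "linux": (125, 0, 6422, 112),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it is malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(platform, version_text):
    """True if the build predates the fix or cannot be verified."""
    fixed = FIXED_BUILD.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return True  # unknown platform or unparseable version: fail closed
    # Tuples of ints compare numerically, so .76 < .112 (as strings, "76" > "112").
    return version < fixed


def audit(inventory):
    """Return the hostnames from (host, platform, version) rows that need an update."""
    return [host for host, platform, ver in inventory if needs_update(platform, ver)]


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "125.0.6422.113"),
    ("ws-02", "windows", "125.0.6422.76"),
    ("mac-01", "mac", "124.0.6367.208"),
    ("lnx-01", "linux", "125.0.6422.112"),
    ("lnx-02", "linux", "unknown"),
    ("ws-03", "windows", "126.0.6478.56"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print("update required:", host)
```

Hosts with an unreadable version string are reported alongside outdated ones so they get a manual check instead of silently passing.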
