Update Chrome urgently: New 0day reveals sensitive data

The vulnerability allows an attacker to launch a chain of exploits.

Google has released updates that fix four security issues in the Chrome browser, including the actively exploited zero-day vulnerability.

The vulnerability, CVE-2024-0519, is an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which an attacker can use to cause a system crash.

Out-of-bounds memory access allows an attacker to obtain sensitive data, such as memory addresses, which makes it possible to bypass the ASLR (Address Space Layout Randomization) protection mechanism and increases the likelihood of exploiting other vulnerabilities for code execution, and not just for Denial of Service (DoS), as MITRE explains.

The NIST vulnerability description states that out-of-bounds memory access in V8 in Google Chrome prior to version 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Additional information about the nature of attacks and the threat actors who may use them is not disclosed in an attempt to prevent further exploitation. The problem was reported anonymously on January 11, 2024. Users are advised to update Chrome to 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply patches as they become available.
 