Chrome Patches First Zero-Day of 2024 Exploited in the Wild

Google Fixes Out-of-Bounds Memory Access Flaw; Microsoft Edge Browser Also Affected
Chrome Patches First Zero-Day of 2024 Exploited in the Wild
Google patched its first Chrome zero-day of the year. (Image: Shutterstock)

Google released an emergency fix for the first zero-day vulnerability of the year in its Chrome web browser, warning that the bug is under active exploitation.

See Also: Finding and Managing the Risk in your IT Estate: A Comprehensive Overview

The Silicon Valley giant on Tuesday released an advisory detailing little about the vulnerability, tracked as CVE-2024-0519, other than saying it is an out-of-bounds memory access flaw in its V8 JavaScript rendering engine.

The high-severity zero-day could allow a remote attacker to exploit heap corruption using a crafted malicious HTML page.

Microsoft said it is aware of the zero-day exploit and is developing a patch for its Edge browser, which is based on the Chromium open-source code. It recommended users opt in to Edge browser's enhanced security mode feature.

Microsoft has designed a set of enhanced security features that follow a "defense in depth" approach that "helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse."

The Chrome web browser had a worldwide market share of roughly half, as of August, while Edge claimed approximately 8%.

The flaw is in Google's open-source JavaScript and WebAssembly engine V8, which is written in C++ language. This engine translates JavaScript code directly into machine code - a digital language that CPUs can understand - so that computers can execute the translated or compiled code. V8 is used widely in Google Chrome, Brave, Opera, Vivaldi and Microsoft Edge.

Hackers also targeted the V8 engine in 2023. Google patched two V8 zero days - CVE-2023-3079 and CVE-2023-2033 - last year.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.