Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







[Zero-Day] Google’s Urgent Chrome Update

Executive Summary

Google recently released critical security updates for Chrome, addressing vulnerabilities that affect all Chromium-based web browsers, including a zero-day exploit.

None of the vulnerabilities currently have an available CVSS score.

We highly recommend promptly updating Chrome and remaining vigilant for fixes on other Chromium-based browsers.

Zero-Day: CVE-2024-0519

The most critical vulnerability Google fixed is the first zero-day of Chrome in 2024, CVE-2024-0519.

This vulnerability stems from an out-of-bounds memory access flaw in the Chrome V8 JavaScript engine. It potentially enables attackers to access data beyond memory buffers, leading to unauthorised access to sensitive information or system crashes.

This issue may also facilitate bypassing protection mechanisms like ASLR, simplifying code execution through other vulnerabilities.

ASLR (Address Space Layout Randomisation) is a security feature that randomises the memory addresses where system and application components are loaded into memory. This feature aims to make it harder for attackers to predict the location of specific functions or vulnerabilities in a program’s memory. Consequently, it becomes more difficult for them to exploit known security flaws.

Google has acknowledged attacks exploiting this vulnerability but has not disclosed any further details.

CVE-2024-0517

Another patched vulnerability is CVE-2024-0517, an “out of bounds write” flaw within the V8 JavaScript and WebAssembly engine.

This vulnerability could allow remote attackers to execute arbitrary code by manipulating heap memory through malicious HTML pages.

CVE-2024-0518

This vulnerability, CVE-2024-0518, also presents a high-severity risk. It pertains to type confusion within the V8 engine.

Exploitation of this vulnerability could result in heap corruption through crafted HTML pages, potentially granting attackers unauthorised access.

Recommendations

These security patches are crucial for maintaining the integrity and security of your web browsing experience. Users should update their browsers promptly to protect themselves from potential exploits.

For more information, please visit Google’s security advisory.

Once again, please note that security updates are necessary for other Chromium-based browsers as well. It is advisable to follow the release notes and update procedures for other browsers. Stay safe and secure while browsing the web!

Lastly, given the history of frequent Chrome fixes, including zero-days, it is advisable for users to closely monitor updates from Google.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.