Qualys Security Advisory
Google has released security updates to address four vulnerabilities impacting Chrome. One of the four vulnerabilities, CVE-2024-0519, is exploited in the wild. The vulnerability was reported anonymously to Google. CVE-2024-0519 is the first zero-day vulnerability addressed by Google this year.
Other vulnerabilities patched in the updates are:
Toan (suto) Pham of Qrious Secure has discovered and reported the vulnerability to Google. This is a high-severity out-of-bounds write vulnerability in V8.
Ganjiang Zhou of the team ChaMd5-H1 has discovered and reported the vulnerability to Google. This is a high-severity type confusion vulnerability in V8.
Google Chrome versions before 120.0.6099.234 are affected by this vulnerability.
Customers are requested to upgrade to the latest stable channel version 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows.
Google will release Extended Stable channel 120.0.6099.234 for Mac and 120.0.6099.225 for Windows in the coming weeks.
For more information, please refer to the Google Chrome Release Page.
Qualys customers can scan their devices with QID 379263 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.