Google Patches Actively Exploited Zero-day Vulnerability Impacting Chrome Browser (CVE-2024-0519)

Qualys Security Advisory

Google has released security updates to address four vulnerabilities impacting Chrome. One of the four, CVE-2024-0519, is being exploited in the wild. The vulnerability was reported anonymously to Google. CVE-2024-0519 is the first zero-day vulnerability addressed by Google this year.

CVE-2024-0519 is a high-severity out-of-bounds memory access vulnerability in the V8 JavaScript and WebAssembly engine. An attacker may exploit the vulnerability to trigger a crash.

Other vulnerabilities patched in the updates are:

CVE-2024-0517

Toan (suto) Pham of Qrious Secure discovered and reported the vulnerability to Google. This is a high-severity out-of-bounds write vulnerability in V8.

CVE-2024-0518

Ganjiang Zhou of the team ChaMd5-H1 discovered and reported the vulnerability to Google. This is a high-severity type confusion vulnerability in V8.

Affected Versions

Google Chrome versions before 120.0.6099.234 are affected by this vulnerability.

Mitigation

Customers are requested to upgrade to the latest stable channel version 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows.

Google will release Extended Stable channel 120.0.6099.234 for Mac and 120.0.6099.225 for Windows in the coming weeks.

For more information, please refer to the Google Chrome Release Page.
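The fixed build differs by platform, so a patch check has to compare each host against its own minimum. The following is an added example, not part of the Qualys advisory or any Qualys tooling: it parses version strings such as the output of `google-chrome --version` and flags hosts below the fixed builds listed above. The inventory rows are constructed, and using the lower Windows build (224) as the minimum is an assumption.

```python
import re

# Fixed stable-channel builds per platform, taken from the Mitigation section.
# Assumption: for Windows, where the advisory lists 224/225, the lower build
# is used as the minimum patched version.
FIXED = {
    "mac": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
    "windows": (120, 0, 6099, 224),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from a string such as the output
    of `google-chrome --version`; return a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed row as patched
    # Tuples compare numerically field by field, so build 99 < build 224
    # (a plain string comparison would get that wrong).
    return "patched" if version >= fixed else "vulnerable"

def audit(rows):
    """rows: iterable of (host, platform, version_text). Returns the rows
    needing action as (host, status) pairs."""
    return [(h, s) for h, p, v in rows if (s := status(p, v)) != "patched"]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 120.0.6099.225"),
    ("ws-02", "windows", "120.0.6099.199"),
    ("mac-01", "mac", "Google Chrome 120.0.6099.224"),
    ("lin-01", "linux", "Google Chrome 120.0.6099.224 "),
    ("lin-02", "linux", "Google Chrome 120.0.6099.99"),
    ("kiosk-1", "chromeos", "120.0.6099.235"),
    ("ws-03", "windows", "Chromium (version not reported)"),
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE):
        print(f"{host}: {state}")
```

Note that build 224 counts as patched on Linux and Windows but not on Mac, where the fixed build is 234.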

Qualys Detection

Qualys customers can scan their devices with QID 379263 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
