Google has recently issued an urgent update for its Chrome browser, addressing four critical security vulnerabilities, including a zero-day flaw that is currently being exploited. This development underscores the continuous need for vigilant software updates among users.
According to MITRE’s Common Weakness Enumeration (CWE), “This out-of-bounds read vulnerability allows attackers to bypass security mechanisms like ASLR, potentially leading to more effective exploitation of other vulnerabilities, not just causing denial of service.”
Details regarding the specific nature of the attacks and information about the perpetrators remain undisclosed to prevent further misuse of this vulnerability. The bug was initially reported anonymously on January 11, 2024.
The National Institute of Standards and Technology’s National Vulnerability Database (NVD) describes the issue as follows: “A remote attacker could exploit heap corruption through a specially crafted HTML page in Google Chrome versions before 120.0.6099.224, due to out-of-bounds memory access in V8.”
This patch marks Google’s first response to an actively exploited zero-day in Chrome for the year 2024. The previous year saw the tech giant addressing eight similar vulnerabilities.
For protection against potential threats, users are urged to update their Chrome browsers to version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux.
Additionally, users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should remain alert for upcoming updates and apply them promptly.
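To apply the version guidance above across a fleet, the following added example (not part of the original article) classifies inventory rows against the fixed Chrome builds listed above. The CSV layout, hostnames and sample versions are constructed for illustration, and non-Chrome Chromium browsers are marked for manual review because they use their own version numbers.

```python
import csv
import io
import re

# Fixed Google Chrome builds per platform, as listed in the article above.
FIXED = {
    "windows": (120, 0, 6099, 224),
    "macos": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version from e.g. 'Google Chrome 120.0.6099.199'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(os_name, browser, version_text):
    """Return 'patched', 'vulnerable' or 'review' for one inventory row."""
    if browser.strip().lower() != "chrome":
        # Edge, Brave, Opera and Vivaldi ship under their own version numbers,
        # so the Chrome thresholds do not apply: defer to the vendor's update.
        return "review"
    fixed = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "review"  # unknown platform or unparseable version string
    # Tuples compare numerically per component; a plain string comparison
    # would rank '120.0.6099.99' above '120.0.6099.224'.
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map hostname -> status for CSV rows with host,os,browser,version."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["os"], r["browser"], r["version"]) for r in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,os,browser,version
ws-01,Windows,Chrome,Google Chrome 120.0.6099.225
ws-02,Windows,Chrome,120.0.6099.199
mac-01,macOS,Chrome,120.0.6099.224
lin-01,Linux,Chrome,Google Chrome 120.0.6099.224
lin-02,Linux,Chrome,120.0.6099.99
ws-03,Windows,Edge,120.0.1111.11
ws-04,Windows,Chrome,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Note that `mac-01` is flagged even though its build would pass on Windows or Linux, since the macOS fix landed in a later build.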