On January 16, 2024, Google released a security patch to address CVE-2024-0519 an out-of-bound security vulnerability exploited in ongoing attacks . This patch specifically targets and fixes the first zero-day vulnerability discovered in the Chrome browser this year.
A remote attacker can take advantage of the issue by fooling a user into opening a specially designed HTML page, leading to potential heap corruption. The out-of-bounds memory access vulnerability CVE-2024-0519 in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. Reading the out-of-bound memory can help an attacker to access secret values which may help in bypassing protection mechanisms such as ASLR which can further aid in remote code execution.
Google has taken precautionary measures by restricting details related to the bug until most users have updated their Chrome browsers.
Affected Products
Google Chrome version before 120.0.6099.224/225 for Windows, 120.0.6099.234 for Mac and 120.0.6099.224 for Linux.
Solution
Google has released Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for Mac and 120.0.6099.224 for Linux.
SanerNow detects these vulnerabilities and automatically fixes them through patch management by applying security updates. We strongly recommend applying the security updates as soon as possible.