• ethiocert
  • ethiocert
  • ethiocert

ناشر الأصول

null Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.

The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.

 

"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service," according to MITRE's Common Weakness Enumeration (CWE).

Additional details about the nature of the attacks and the threat actors that may be exploiting it have been withheld in an attempt to prevent further exploitation. The issue was reported anonymously on January 11, 2024.

"Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," reads a description of the flaw on the NIST's National Vulnerability Database (NVD).

 

The development marks the first actively exploited zero-day to be patched by Google in Chrome in 2024. Last year, the tech giant resolved a total of 8 such actively exploited zero-days in the browser.

Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.

 

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Services

 

Services

ema
Protect

This refers to making sure an organization has taken the necessary measures and precautions to secure itself before any cybersecurity problems arise. This area focuses on proactive strategies rather than reactive strategies.

ema
Detect

Incidents cannot be responded to unless they are detected. In fact, detection of security incidents may take weeks or months for many organizations to accomplish.

ema
Respond

Responding to a computer security incident has a few steps. The first step is when the team receives a report of an incident from a constituent, such as a user, business partner or security operations center staff member.

التطبيقات المتداخلة

Alerts and Tips

Alerts and Tips

 

Security Awareness

Security Awareness

Tools

Tools