Chrome Zero-Day Vulnerability Exploited At Pwn2Own : Patch Now
Google fixed three vulnerabilities in the Chrome browser on Tuesday, including yet another zero-day that was exploited during the Pwn2Own Vancouver 2024 hacking contest.
Google recently fixed two more zero-day vulnerabilities that were exploited during the Pwn2Own hacking competition.
Palo Alto Networks’ Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) reported the vulnerability identified as CVE-2024-3159 on March 22, 2024, during Pwn2Own 2024.
Both of them received $42,500 and 9 Master of Pwn points for successfully demonstrating their attack against Microsoft Edge and Google Chrome.
Google has fixed the vulnerabilities in the Google Chrome Stable channel, which has been updated to 123.0.6312.105/.106/.107 for Windows and Mac and 123.0.6312.105 for Linux. The update will be rolled out over the coming days and weeks.
Specifics Of Zero-Day Flaw Addressed – CVE-2024-3159
The CVE-2024-3159 vulnerability is an out-of-bounds memory access in the V8 JavaScript engine.
By tricking the victim into visiting a specially crafted HTML page, a remote attacker can exploit this vulnerability to access data beyond the memory buffer, causing heap corruption.
Exploitation of the vulnerability may cause a crash or the exposure of sensitive data.
On the second day of Pwn2Own, security researchers Edouard Bochin and Tao Yan from Palo Alto Networks demonstrated the zero-day.
Other Security Flaws Addressed
Google also fixed an inappropriate implementation in V8, which has been identified as CVE-2024-3156.
Following Zhenghang Xiao’s (@Kipreyyy) disclosure of the issue, Google awarded a reward of $7,000.
CVE-2024-3158, a use after free in Bookmarks, was also fixed by Google. After undoingfish reported the issue, Google offered $3000 as a reward.
How To Update?
To see the most recent version on desktop devices, Google Chrome users can navigate to Menu > Help > About Google Chrome or type chrome://settings/help into the address bar.
The browser checks for updates as soon as the page is opened; it downloads and installs any that it finds. It should detect and install the most recent version.
To complete the update, the browser needs to be restarted.
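For administrators checking many machines rather than one browser, the fixed build numbers above can be turned into a simple audit. The following is an added example, not code from Google or from the original article; the inventory format, hostnames and sample versions are constructed, and the version strings are assumed to look like the output of Chrome's version report ("Google Chrome 123.0.6312.105").

```python
import re

# Lowest fixed Stable-channel build per platform, as listed in the article.
FIXED_BUILD = {
    "windows": (123, 0, 6312, 105),
    "mac": (123, 0, 6312, 105),
    "linux": (123, 0, 6312, 105),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 123.0.6312.86' and return it as a tuple of ints."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(platform, version_text):
    """True if the reported version is at or above the fixed build.
    Tuples compare numerically, so .99 < .105 (a string compare gets this wrong)."""
    return parse_version(version_text) >= FIXED_BUILD[platform.lower()]

def audit(inventory):
    """Return the hosts that still need the update (or whose version is unreadable)."""
    needs_update = []
    for host, platform, version_text in inventory:
        try:
            ok = is_patched(platform, version_text)
        except (ValueError, KeyError):
            ok = False  # unknown platform or unparsable version: treat as unpatched
        if not ok:
            needs_update.append(host)
    return needs_update

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 123.0.6312.107"),
    ("ws-02", "Windows", "Google Chrome 123.0.6312.86"),
    ("mac-01", "Mac", "Google Chrome 123.0.6312.99"),
    ("lnx-01", "Linux", "Google Chrome 123.0.6312.105"),
    ("lnx-02", "Linux", "version unavailable"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: update Chrome and restart the browser")
```

A host that has downloaded the update but not restarted the browser is still running the old build, so a version reported by the running process is the one that matters.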
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”, Google said.
Google patched several Chrome browser vulnerabilities at the end of March, including two zero-day vulnerabilities that were disclosed during Pwn2Own 2024. These vulnerabilities are identified as CVE-2024-2886 and CVE-2024-2887.
Mozilla also addressed two zero-day vulnerabilities in the Firefox web browser, tracked as CVE-2024-29944 and CVE-2024-29943, that were recently exploited by Manfred Paul (@_manfp) at the Pwn2Own hacking contest.
Source credit : cybersecuritynews.com