Generative Data Intelligence

Google Fixes Serious Zero-Day Vulnerabilities

Tyler Cross
Published on: January 18, 2024

Google patched a serious zero-day vulnerability in the company’s web browser, Google Chrome. The vulnerability (tagged as CVE-2024-0519) could be used to completely crash a user’s Chrome browser remotely. Before the patch, the exploit had been spotted in the wild multiple times.

“Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild,” the company writes.

A zero-day vulnerability is essentially a cybersecurity flaw that developers don’t realize exists. Once a threat actor exploits the flaw, whether that’s to obtain data, ransom money, or worse, it becomes a zero-day exploit.

Other recent examples include Ivanti, the VPN company, which was struck with a zero-day exploit that compromised at least 1,700 devices. The company has yet to find a fix.

Fortunately, Google has already patched the exploit. Most Chrome users will have automatic updates, but those who don’t should manually update Google Chrome to the latest security patch.

Besides fixing this exploit, the update fixes three other possible exploits.

The company didn’t provide many details about the fix — in a recent blog post, Google only stated the bug was fixed.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” says Google.

The person who submitted the vulnerability remains anonymous. The company used a wide range of software to identify and fix the problem, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.

While it isn’t possible to completely prevent zero-day exploits, Google making sure to fix them immediately, before the exploits can be further abused, illustrates responsible cybersecurity practices.

“As usual, our ongoing internal security work was responsible for a wide range of fixes,” Google said.
