April 25, 2024

The WebAssembly and V8 JavaScript engine used in both the browsers of Google Chrome and Chromium recently patched critical remote code execution vulnerability.

Successful exploitation of the issue could allow an attacker to implement arbitrary code when it comes to the browser due to a use-after-free vulnerability in the instruction optimization component.

Advertisements

Google was informed about the bug in Chrome 101’s Dev channel. The bug has since been silently fixed.

Researchers explains, It occurs during instruction selection stage when the wrong instruction is selected, leading to an exception during memory access.

When previously-freed memory is accessed, use-after-free vulnerabilities can result an unexpected behavior and cause a program to crash, make use of data that is corrupted, or even execute arbitrary code.

It is more concerning that a specially designed website can exploit the flaw remotely to bypass security restrictions and run arbitrary code to compromise the system.

Google does not assign CVE IDs to vulnerabilities that are found in non-stable Chrome channels.

Advertisements

To ensure their applications are compatible with the latest Chrome features and API changes, Chrome users, especially developers, should update to the latest version available.

In 2021, Google fixes nearly 7 similar kind of use-after-free bugs.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

CrushFTP Zeroday Vulnerability Exploited in Wild attack

April 21, 2024

TheCyberThrone Security Week In Review – April 20, 2024

April 21, 2024

MITRE Breached Exploiting Ivanti Zeroday

April 20, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading