
Google Chrome has released a stable channel update to fix several vulnerabilities, including a zero-day.
According to the Google security updates report, the vulnerabilities patched in Google Chrome were high-severity issues:
- Out-of-bounds write (CVE-2024-0517)
- Type confusion (CVE-2024-0518)
- Out-of-bounds memory access (CVE-2024-0519) in the V8 JavaScript engine, which is considered a zero-day

CVE-2024-0519 is one of the vulnerabilities that threat actors exploited in the wild. It allows a remote threat actor to exploit heap corruption on vulnerable versions using a crafted HTML page.
CVE-2024-0517 was reported by Toan (suto) Pham of Qrious Secure and rewarded with $16,000, whereas CVE-2024-0518 was reported by Ganjiang Zhou (@refrain_areu) of ChaMd5-H1 team and rewarded with $1000.
An anonymous person reported the zero-day CVE-2024-0519, and the reward had yet to be announced by Google Chrome.
Google Chrome users are advised to upgrade to the latest version to prevent exploitation of these vulnerabilities. The fixed versions are 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows.

