Google addressed several vulnerabilities in Chrome, including two zero-day vulnerabilities, tracked as CVE-2024-2886 and CVE-2024-2887, which were demonstrated during the Pwn2Own Vancouver 2024 hacking competition.
The high-severity vulnerability CVE-2024-2886 is a use after free issue that resides in the WebCodecs. The flaw was demonstrated by Seunghyun Lee during the Pwn2Own 2024.
The high-serverity vulnerability CVE-2024-2887 is a type confusion issue that resides in WebAssembly. Manfred Paul demonstrated the vulnerability during the Pwn2Own 2024.
Google also addressed the following vulnerabilities:
- CVE-2024-2883: It is a critical severity vulnerability and a use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03
- CVE-2024-2885: It’s a high severity vulnerability and a use after free in Dawn. Reported by wgslfuzz on 2024-03-11
Google did not reveal if the vulnerabilities have been actively exploited in the wild.
The Stable channel has been updated to 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 to Linux, which will roll out over the coming days/weeks.
