
Update Chrome To Fix Zero-Day Vulnerability CVE-2024-0519

Last Tuesday (Jan 16, 2024), Google released Chrome updates to fix 4 security issues. One of the four is a zero-day flaw (CVE-2024-0519) that was being actively exploited by hackers, so users should update their Chrome browsers immediately to avoid being targeted.

Zero-day vulnerabilities are quite dangerous, mostly because no fix is available until the vendor releases a patch. Hackers often target these zero-day flaws in different applications to gain access to devices and steal users’ data.

About CVE-2024-0519

In this particular case, the hackers were targeting the zero-day vulnerability tracked as CVE-2024-0519. The flaw is in Chrome’s V8 engine. V8 is the open-source JavaScript engine in Google Chrome that is responsible for the animations, web games, and other dynamic website elements that you see in the Chrome interface.


According to MITRE’s Common Weakness Enumeration, the zero-day vulnerability CVE-2024-0519 is a memory access security flaw in Chrome. It enables attackers to read or write memory outside the program’s allocated space, giving them access to information they shouldn’t normally be able to see or modify.

By exploiting the Chrome zero-day CVE-2024-0519, hackers can bypass ASLR’s randomization and target the specific areas where users’ confidential information is usually saved. This helps attackers steal that information, including saved user IDs and passwords, and can potentially enable them to hijack your browser.

According to the National Vulnerability Database (NVD) maintained by NIST, remote attackers might take advantage of heap corruption through a crafted HTML page in Chrome versions before 120.0.6099.224.

Here is a simple example that explains CVE-2024-0519 in plain words:

Let’s assume your Chrome browser is a library with books containing all kinds of information. Some of these books contain your confidential information, such as saved login credentials, financial details, and browsing history. Google Chrome uses Address Space Layout Randomization (ASLR), which shuffles those shelves randomly every day. This makes it harder for cybercriminals to target specific books, because they don’t know the exact shelves. However, the zero-day vulnerability in V8 gives away the exact location of each shelf, making it easier for attackers to target certain information.

What to Do:

Google has not shared any details about the attacks or the hackers, to prevent further exploitation. However, the vulnerability has been fixed: Google has released a Chrome update with a patch, so users should immediately install the latest version of the Google Chrome browser.

  • Update your Google Chrome browser immediately!
  • Windows users should update to Chrome version 120.0.6099.224/225
  • macOS users should update their Chrome to version 120.0.6099.234
  • Linux users should update their browser to version 120.0.6099.224
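
For administrators who need to verify this across many machines, the following added example (not from Google or the original article) compares reported Chrome versions against the fixed builds listed above. The function names, hostnames and inventory entries are constructed for illustration.

```python
import re

# Fixed builds per platform, taken from the update list above.
PATCHED = {
    "windows": (120, 0, 6099, 224),
    "macos": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text such as
    'Google Chrome 120.0.6099.224'; return None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # platform not in the list, or unparseable version
    # Tuples compare numerically per component, so .99 sorts below .224
    # (a plain string comparison would get this wrong).
    return "patched" if version >= minimum else "vulnerable"


# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 120.0.6099.225"),
    ("ws-02", "windows", "Google Chrome 120.0.6099.99"),
    ("mac-01", "macos", "Google Chrome 120.0.6099.224"),  # below macOS fix
    ("lnx-01", "linux", "Google Chrome 120.0.6099.224"),
    ("lnx-02", "linux", "Google Chrome 121.0.6167.85"),
    ("kiosk-01", "chromeos", "version string missing"),
]


def report(inventory):
    """Map each hostname to its patch status."""
    return {host: assess(plat, ver) for host, plat, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Note that the same build number can be patched on one platform and not on another: 120.0.6099.224 is the fixed build for Windows and Linux but is below the macOS fix.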

 

About the author

admin
