January 16, 2024 at 04:24PM
Google has released an urgent Chrome browser update to address three high-severity security flaws, warning that one is currently being exploited in the wild. The exploited zero-day, CVE-2024-0519, is an out-of-bounds memory access issue in the V8 JavaScript engine. The update also covers two additional high-risk memory safety issues. This follows recent patches for similar vulnerabilities. In 2023, Google patched at least seven zero-days found in the wild.
Based on the meeting notes, the key takeaways are:
– Google has released an urgent Chrome browser update to address three high-severity security vulnerabilities, including a zero-day vulnerability tracked as CVE-2024-0519 in the V8 JavaScript engine.
– The zero-day is being actively exploited in the wild, and Google has not provided specific details about the scope of the attacks or shared telemetry to help defenders detect compromises.
– The update also addresses two additional high-risk memory safety issues in V8, along with multiple internally identified fixes from audits and fuzzing.
– This security patch follows recent patches for memory safety issues that could lead to code execution attacks, and comes in the wake of Google patching at least seven zero-days discovered through in-the-wild exploitation in 2023.
Additionally, the meeting notes include related security vulnerabilities in other software products, such as VMware, Opera, and GitLab, to provide context on the current security landscape.