April 3, 2024 at 07:12AM
Google announced a new Chrome update addressing a high-severity CVE-2024-3159 bug, exploited at Pwn2Own 2024. The update also resolves two other vulnerabilities and follows last week’s update fixing CVE-2024-2886 and CVE-2024-2887 flaws. This latest iteration is now rolling out for Windows, macOS, and Linux, and users are advised to update to safeguard against potential exploitation.
Based on the meeting notes, the key takeaways are as follows:
1. Google announced a new Chrome update to address a high-severity zero-day vulnerability, tracked as CVE-2024-3159, that was exploited at the Pwn2Own hacking contest. The bug was in the V8 JavaScript and WebAssembly engine and was exploited using a novel technique for defeating V8 hardening.
2. The latest Chrome update also resolves two other vulnerabilities reported by external researchers, namely CVE-2024-3156 and CVE-2024-3158, for which Google paid out a total of $10,000 in bug bounties.
3. The latest Chrome iteration is now rolling out for Windows, macOS, and Linux, with specific version numbers mentioned.
4. Google has not mentioned any exploitation of these security defects in the wild and advises users to update their browsers as soon as possible.
Additionally, it’s worth noting the related news articles about Chrome’s efforts to address vulnerabilities and improve security.