Chrome Out-of-Bounds Memory Access Vulnerability
Date of Notice: 01/18/2024
Action Level - High
Description
MCNC would like to alert you regarding a vulnerability impacting Chrome Browser. The vulnerability is being tracked via CVE-2024-0519. The exploit utilizes out-of-bounds memory access in the V8 JavaScript and WebAssembly engine. Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, it has not been confirmed yet but it is highly likely that this is plausible in the current vulnerable version of Chrome. Heap corruption can lead to remote code execution on target machines, making this vulnerability one worth patching as soon as possible.
Fixed Versions
Per Google, “The Stable channel has been updated to 120.0.6099.234 for Mac and 120.0.6099.224 for Linux and 120.0.6099.224/225 to Windows which will roll out over the coming days/weeks.”
Attack Vector
Vulnerable Chrome Browser versions, malicious HTML pages
Attack Feasibility
No exploit scripts have been made publicly available. Since the information known about the exploit is currently limited, the feasibility of malicious actors exploiting this vulnerability is unknown.
Mitigation/Remediation
Immediately update Chrome Browser to the newest, secure version once made available.
Vendor Resources
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html