01.18.2024

Chrome Out-of-Bounds Memory Access Vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 01/18/2024

Action Level - High

Description

MCNC would like to alert you regarding a vulnerability impacting Chrome Browser. The vulnerability is being tracked via CVE-2024-0519. The exploit utilizes out-of-bounds memory access in the V8 JavaScript and WebAssembly engine. Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, it has not been confirmed yet but it is highly likely that this is plausible in the current vulnerable version of Chrome. Heap corruption can lead to remote code execution on target machines, making this vulnerability one worth patching as soon as possible.

Fixed Versions

Per Google, “The Stable channel has been updated to 120.0.6099.234 for Mac and 120.0.6099.224 for Linux and 120.0.6099.224/225 to Windows which will roll out over the coming days/weeks.”

Attack Vector

Vulnerable Chrome Browser versions, malicious HTML pages

Attack Feasibility 

No exploit scripts have been made publicly available. Since the information known about the exploit is currently limited, the feasibility of malicious actors exploiting this vulnerability is unknown.

Mitigation/Remediation

Immediately update Chrome Browser to the newest, secure version once made available.

Vendor Resources

https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html

<-- Return to Cybersecurity Alerts...

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • twitter
  • facebook
  • youtube
© 2024 MCNC