Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild.
The high-serverity vulnerability, tracked as CVE-2024-0519, is an out of bounds memory access in the Chrome JavaScript engine. The flaw was reported by Anonymous on January 11, 2024.
“The Stable channel has been updated to 120.0.6099.234 for Mac and 120.0.6099.224 for Linux and 120.0.6099.224/225 to Windows which will roll out over the coming days/weeks.” reads the security advisory published by the IT giant. “Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.”
A remote attacker can exploit the flaw by tricking a user into visiting a crafted HTML page to potentially exploit heap corruption.
As usual, Google did not share details of the attacks that exploited the CVE-2024-0519 zero-day in the wild.
Google also fixed the following vulnerabilities:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Chrome zero-day)