Google Patches High-Risk Zero-Day Chrome Flaw; Urges Immediate Update
April 4, 2024Google has released a new Chrome update to address a high-severity zero-day vulnerability, CVE-2024-3159.
The CVE-2024-3159 vulnerability involves out-of-bounds memory access in the V8 JavaScript engine and was disclosed by Edouard Bochin and Tao Yan of Palo Alto Networks.
CVE-2024-3159 could allow remote attackers to access sensitive data or cause a system crash.
This fix is one of four zero-day vulnerabilities patched by Google in Chrome this year.
Google also remedied two other high-severity issues, CVE-2024-3156 and CVE-2024-3158, and previously addressed two vulnerabilities from Pwn2Own Vancouver 2024.
Users are urged to update their Chrome browsers to the latest version to safeguard against these threats; there have been no reports of active exploitation in the wild.
Summary based on 3 sources
Get a daily email with more Tech stories
Sources
BleepingComputer • Apr 3, 2024
Google fixes one more Chrome zero-day exploited at Pwn2OwnSecurityWeek • Apr 3, 2024
Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2OwnSecurity Affairs • Apr 3, 2024
Google fixed another Chrome zero-day exploited at Pwn2Own