CyberSecurityBoard
Sponsor Register Login

Google fixes first actively exploited Chrome zero-day of 2024

Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year.
The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows, Mac, and Linux users less than a week after being reported to Google.
Although Google says the security update could take days or weeks to reach all impacted users, it was available immediately when BleepingComputer checked for updates today.
Those who prefer not to update their web browser manually can rely on Chrome to automatically check for new updates and install them after the next launch.
The high-severity zero-day vulnerability is due to a high-severity out-of-bounds memory access weakness in the Chrome V8 JavaScript engine, which attackers can exploit to gain access to data beyond the memory buffer, providing them access to sensitive information or triggering a crash.
Besides unauthorized access to out-of-bounds memory, CVE-2024-0519 could also be exploited to bypass protection mechanisms such as ASLR to make it easier to achieve code execution via another weakness.
While Google knows of CVE-2024-0519 zero-day exploits used in attacks, the company has yet to share further details regarding these incidents.
Today, Google also patched V8 out-of-bounds write and type confusion flaws, allowing for arbitrary code execution on compromised devices.
Last year, Google fixed eight Chrome zero-day bugs exploited in attacks tracked as CVE-2023-7024, CVE-2023-6345, CVE-2023-5217, CVE-2023-4863, CVE-2023-3079, CVE-2023-4762, CVE-2023-2136, and CVE-2023-2033.
Like CVE-2023-4762, were tagged as zero-days used to deploy spyware on vulnerable devices belonging to high-risk users, including journalists, opposition politicians, and dissidents, several weeks after the company released patches.
Google Chrome emergency update fixes 7th zero-day exploited in 2023.
Google fixes 8th Chrome zero-day exploited in attacks this year.
Apple emergency updates fix recent zero-days on older iPhones.
Latest Adblock update causes massive YouTube performance hit.
Ivanti Connect Secure zero-days now under mass exploitation.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 16 Jan 2024 19:15:30 +0000


Cyber News related to Google fixes first actively exploited Chrome zero-day of 2024

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
3 weeks ago Securityaffairs.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
4 months ago Darkreading.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
5 months ago Darkreading.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 month ago Bleepingcomputer.com
Google fixes first actively exploited Chrome zero-day of 2024 - Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide ...
5 months ago Bleepingcomputer.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
3 weeks ago Securityaffairs.com
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
3 weeks ago Securityaffairs.com
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
1 month ago Bleepingcomputer.com
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 month ago Securityaffairs.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
5 months ago Techtarget.com
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
1 month ago Securityaffairs.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
6 months ago Bleepingcomputer.com
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
1 month ago Bleepingcomputer.com
Microsoft fixes Windows zero-day exploited in QakBot malware attacks - Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the ...
1 month ago Bleepingcomputer.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
6 months ago Bleepingcomputer.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
6 months ago Darkreading.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
1 month ago Bleepingcomputer.com
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
3 weeks ago Securityaffairs.com
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
3 weeks ago Securityaffairs.com
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
2 weeks ago Securityaffairs.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
6 months ago Bleepingcomputer.com
Google Chrome emergency update fixes 6th zero-day exploited in 2023 - Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. The company acknowledged the existence of an exploit for the security flaw in a new security ...
6 months ago Bleepingcomputer.com
CISA warns of hackers exploiting Chrome, EoL D-Link bugs - The U.S. Cybersecurity & Infrastructure Security Agency has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Adding the issues to the KEV catalog ...
1 month ago Bleepingcomputer.com
BreachForums resurrected after FBI seizure - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
3 weeks ago Securityaffairs.com
Google discloses 2 zero-day vulnerabilities in less than a week - Google patched another Chrome zero-day vulnerability on Monday, the second one in the span of four days. In a blog post on Monday, Daniel Yip, technical program manager at Google, disclosed a high-severity out-of-bounds write vulnerability tracked as ...
1 month ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)