"Google Warns of Chrome Browser Zero-Day Being Exploited"
Google has recently pushed out an urgent Chrome browser update to fix a trio of high-severity security defects and warned that one of the bugs is already being exploited in the wild. Google describes the exploited zero-day, CVE-2024-0519, as an out-of-bounds memory access issue in the V8 JavaScript engine. Google did not provide any additional details on the scope of the observed attacks or share telemetry to help defenders hunt for signs of compromise. A barebones advisory notes: “Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.” Google says the zero-day was reported anonymously. The latest Chrome browser update also provides cover for two additional memory safety issues in V8 that are rated high-risk. Google said the update also includes multiple fixes found internally from audits, fuzzing, and other initiatives. In 2023, Google patched at least seven zero-days discovered during in-the-wild exploitation.
SecurityWeek reports: "Google Warns of Chrome Browser Zero-Day Being Exploited"