Connect with us

Hi, what are you looking for?

Reviews

Google Chrome Patches Another Critical Security Flaw

Image Source: BigTunaOnline / Shutterstock

Google has rolled out an update to enhance the security of its Chrome web browser by fixing a critical 0-day vulnerability. This marks the second recent instance where Google has swiftly addressed such a vulnerability in Chrome, making it the third security update following the release of Chrome version 123 on March 20, 2024.

Users of Chrome are strongly advised to update their browsers promptly to shield themselves from potential security risks.

To check the status of Chrome on desktop, navigate to chrome://settings/help. Your Chrome browser is up to date if the version displayed is 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.

If you are using an older version, the browser should automatically receive the necessary security update. It’s important to note that this method applies to desktop systems only, as Chrome updates for Android are managed via Google Play.

0-Day JavaScript Vulnerability

The vulnerability was publicly showcased for the first time at the Pwn2Own hacking event in March 2024. Security experts Edouard Bochin and Tao Yan successfully exploited the vulnerability, targeting Chrome and Microsoft Edge during the competition.

Their demonstration earned them a reward of $42,500. The exploit involved utilizing an out-of-bounds read along with a new technique to bypass V8 hardening and execute unauthorized code in the renderer.

Other browsers based on Chromium may also be at risk due to a common component. Some of these browsers may have already been updated to mitigate this security threat.

Advertisement. Scroll to continue reading.
AIAD

Key Takeaways

The Pwn2Own competition is renowned for uncovering and leveraging vulnerabilities in various products, with browsers being a key focus since the competition’s inception.

Browsers are enticing targets for exploitation as they provide opportunities for information extraction, content alteration, and unauthorized access to cookies or passwords.

Mozilla and Microsoft have also addressed 0-day vulnerabilities in Firefox and Edge, following successful exploitation of these browsers during the competition.

To counter the risk of cookie theft, Google has introduced a new initiative designed to link cookies to the specific system where they were generated, potentially establishing a new standard on the web.

Image Source: BigTunaOnline / Shutterstock

Advertisement. Scroll to continue reading.
AIAD

You May Also Like

Reviews

Firefox has offered profile support for quite some time, which might come as a surprise to many users due to the feature’s limited exposure....

Reviews

Microsoft has increased the prices of its Microsoft 365 subscriptions, but subscribers now have access to the new Copilot feature. You may already know...

Reviews

There are multiple ways to install Windows 11 on devices that do not meet official support criteria, as well as methods for upgrading from...

Reviews

Google has introduced a new security update for its Chrome browser, rectifying 16 separate security vulnerabilities. A number of these issues also affect other...