Google has rolled out an update to enhance the security of its Chrome web browser by fixing a critical 0-day vulnerability. It is the second time recently that Google has swiftly addressed such a vulnerability in Chrome, and the third security update since the release of Chrome version 123 on March 20, 2024.
Users of Chrome are strongly advised to update their browsers promptly to shield themselves from potential security risks.
To check the status of Chrome on desktop, navigate to chrome://settings/help. Your Chrome browser is up to date if the version displayed is 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.
If you are using an older version, the browser should automatically receive the necessary security update. It’s important to note that this method applies to desktop systems only, as Chrome updates for Android are managed via Google Play.
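For administrators who need the same check across many machines, the following is an added example, not code from Google or from this article. It classifies collected version strings against the lowest fixed build named above. It assumes the strings look like the output of `google-chrome --version` on Linux, that any build later than 123.0.6312.105 is also patched, and that the inventory is tab-separated; the hostnames and sample versions are constructed.

```python
import re

# Lowest fixed desktop build named in the article; treating any later build
# as patched is an assumption of this example.
FIXED = (123, 0, 6312, 105)

# Matches "<product> <a.b.c.d>", e.g. "Google Chrome 123.0.6312.105".
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+\.\d+\.\d+\.\d+)\b")


def classify(version_output):
    """Return 'patched', 'outdated', 'not-assessed' or 'unparseable'."""
    m = VERSION_RE.match(version_output.strip())
    if not m:
        return "unparseable"
    # The article gives fixed builds for Google Chrome only, so other
    # Chromium-based browsers are not judged against Chrome's number.
    if m.group("product").strip().lower() != "google chrome":
        return "not-assessed"
    version = tuple(int(p) for p in m.group("ver").split("."))
    return "patched" if version >= FIXED else "outdated"


def audit(inventory):
    """Map each host to a status from 'host<TAB>version output' lines."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, output = line.partition("\t")
        report[host.strip()] = classify(output)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
ws-001\tGoogle Chrome 123.0.6312.105
ws-002\tGoogle Chrome 123.0.6312.86
ws-003\tGoogle Chrome 122.0.6261.128
ws-004\tMicrosoft Edge 123.0.2420.65
ws-005\tgoogle-chrome: command not found
ws-006\tGoogle Chrome 124.0.6367.60 beta
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as not-assessed or unparseable need a manual check against that browser vendor's own advisory rather than being counted as patched.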
0-Day JavaScript Vulnerability
The vulnerability was publicly showcased for the first time at the Pwn2Own hacking event in March 2024. Security experts Edouard Bochin and Tao Yan successfully exploited the vulnerability, targeting Chrome and Microsoft Edge during the competition.
Their demonstration earned them a reward of $42,500. The exploit combined an out-of-bounds read with a new technique to bypass V8 hardening and execute unauthorized code in the renderer.
Other browsers based on Chromium may also be at risk due to a common component. Some of these browsers may have already been updated to mitigate this security threat.
Key Takeaways
The Pwn2Own competition is renowned for uncovering and leveraging vulnerabilities in various products, with browsers being a key focus since the competition’s inception.
Browsers are enticing targets for exploitation as they provide opportunities for information extraction, content alteration, and unauthorized access to cookies or passwords.
Mozilla and Microsoft have also addressed 0-day vulnerabilities in Firefox and Edge, following successful exploitation of these browsers during the competition.
To counter the risk of cookie theft, Google has introduced a new initiative designed to link cookies to the specific system where they were generated, potentially establishing a new standard on the web.