Connect with us

Hi, what are you looking for?

Reviews

Google Chrome Patches Another Critical Security Flaw

Image Source: BigTunaOnline / Shutterstock

Google has rolled out an update to enhance the security of its Chrome web browser by fixing a critical 0-day vulnerability. This marks the second recent instance where Google has swiftly addressed such a vulnerability in Chrome, making it the third security update following the release of Chrome version 123 on March 20, 2024.

Users of Chrome are strongly advised to update their browsers promptly to shield themselves from potential security risks.

To check the status of Chrome on desktop, navigate to chrome://settings/help. Your Chrome browser is up to date if the version displayed is 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.

If you are using an older version, the browser should automatically receive the necessary security update. It’s important to note that this method applies to desktop systems only, as Chrome updates for Android are managed via Google Play.

0-Day JavaScript Vulnerability

The vulnerability was publicly showcased for the first time at the Pwn2Own hacking event in March 2024. Security experts Edouard Bochin and Tao Yan successfully exploited the vulnerability, targeting Chrome and Microsoft Edge during the competition.

Their demonstration earned them a reward of $42,500. The exploit involved utilizing an out-of-bounds read along with a new technique to bypass V8 hardening and execute unauthorized code in the renderer.

Other browsers based on Chromium may also be at risk due to a common component. Some of these browsers may have already been updated to mitigate this security threat.

Advertisement. Scroll to continue reading.
AIAD

Key Takeaways

The Pwn2Own competition is renowned for uncovering and leveraging vulnerabilities in various products, with browsers being a key focus since the competition’s inception.

Browsers are enticing targets for exploitation as they provide opportunities for information extraction, content alteration, and unauthorized access to cookies or passwords.

Mozilla and Microsoft have also addressed 0-day vulnerabilities in Firefox and Edge, following successful exploitation of these browsers during the competition.

To counter the risk of cookie theft, Google has introduced a new initiative designed to link cookies to the specific system where they were generated, potentially establishing a new standard on the web.

Image Source: BigTunaOnline / Shutterstock

Advertisement. Scroll to continue reading.
AIAD

You May Also Like

Reviews

There was a mixed response when Netflix revealed its plan to introduce ads on its platform. Towards the end of 2022, the streaming service...

Reviews

Microsoft has recently released security updates for all current versions of its Windows operating system and other products. These updates provide system administrators and...

Reviews

Microsoft recently rolled out Windows 11 build 26120.470 to the Insider Dev channel to address various issues and make enhancements. The update, distributed via...

Reviews

Google has simplified the process of setting up 2-Step Verification (2SV) for user accounts by now allowing users to enable it without the need...