New year rhymes with new problems, and the Mountain View firm is paying the price with a zero-day flaw in its browser, already exploited since the beginning of 2024.
If Google engineers thought they would have a bit of a break in January, they must have been disappointed! The war between developers and malicious actors is relentless and above all… merciless.
Google Chrome is a very popular battleground, as it is the most used web browser in the world. The potential targets are numerous, and all means are good to reach them. This is evidenced by this new loophole that the American giant has just filled.
JavaScript, the newbie of the moment
This Tuesday, Google informed us of the existence of CVE-2024-0519, a vulnerability that allows malicious actors to access Chrome user data. To find the source of the problem, you have to look at JavaScript V8. Indeed, it is possible to manipulate the buffer used by the engine to access sensitive information or crash the browser.
Fortunately, the American company’s reaction was not long in coming, since it has already implemented a fix. This is already rolling out, and Chrome should install the update on your device now or in the coming days.
To check that you are safe, you will need to click on the button with the three vertical dots at the top right of the browser, then go to “ Help ” and finally ” About Chrome “. From there, you will be able to check your Chrome version, which should be (at least) the following:
- 120.0.6099.224/225 for Windows;
- 120.0.6099.234 for macOS;
- 120.0.6099.224 for Linux distributions.
However, since Google has been changing the way it presents new updates for several months, it will certainly be difficult for you to miss the patch when it becomes available on your machine.
A bad start to the year for Chrome
Like other zero-day vulnerabilities, CVE-2024-0519 can also allow the execution of malicious code without the user’s knowledge, in this case through another potential weakness. Which is hardly reassuring, since malicious actors have already taken advantage of it since the start of the year.
Google has not yet informed us of the impact of this vulnerability, and we will have to wait before knowing more. “ Access to bug details and links may be restricted until a majority of users are updated with a fix », Explained the firm. “ We will also maintain these restrictions if the bug exists in a third-party library that other projects depend on, but which has not yet been fixed. »
In 2023, Google Chrome received eight such patches. We can therefore say that 2024 is off to a flying start for the browser, and there is nothing like a good antivirus to help you have a slightly more peaceful year.
Download
7.8
- Very good performance
- Simple and pleasant to use
- A well-secured browser
Complete and fluid, Google Chrome has established itself as a free reference for web browsers and is in an excellent position compared to other flagship applications such as Mozilla Firefox and Microsoft Edge (formerly Internet Explorer). To complete its Windows, Mac and Linux version for computers, the Californian firm also offers a mobile version compatible with Android and iOS.
Complete and fluid, Google Chrome has established itself as a free reference for web browsers and is in an excellent position compared to other flagship applications such as Mozilla Firefox and Microsoft Edge (formerly Internet Explorer). To complete its Windows, Mac and Linux version for computers, the Californian firm also offers a mobile version compatible with Android and iOS.
Source : BleepingComputer
1