Connect with us

    Hi, what are you looking for?

    Reviews

    Google Chrome Resolves Yet Another Critical Security Issue

    Google has released an update to boost the security of its Chrome web browser by addressing a critical zero-day vulnerability. This incident marks the second recent occasion where Google has promptly dealt with such a vulnerability in Chrome, making it the third security enhancement since the launch of Chrome version 123 on March 20, 2024.

    Users of Chrome are strongly encouraged to promptly update their browsers to protect themselves from potential security threats.

    To verify the status of Chrome on your desktop, you can go to chrome://settings/help. Your Chrome browser is considered up to date if the version displayed is 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.

    If you are using an older version, your browser should automatically receive the necessary security update. It’s important to highlight that this process is applicable only to desktop systems, as Chrome updates for Android are managed through Google Play.

    Zero-Day JavaScript Vulnerability

    The vulnerability was first showcased publicly at the Pwn2Own hacking event in March 2024. Security experts Edouard Bochin and Tao Yan managed to exploit the vulnerability successfully, targeting Chrome and Microsoft Edge during the competition.

    Their demonstration earned them a reward of $42,500. The exploit involved leveraging an out-of-bounds read along with a novel method to bypass V8 hardening and execute unauthorized code in the renderer.

    Other browsers built on Chromium might also be vulnerable due to a shared component. Some of these browsers may have already been updated to address this security risk.

    Advertisement. Scroll to continue reading.

    Essential Points

    The Pwn2Own competition is esteemed for discovering and exploiting vulnerabilities in different products, with browsers being a significant focal point since the inception of the competition.

    Browsers are attractive targets for exploitation as they offer avenues for extracting information, altering content, and gaining unauthorized access to cookies or passwords.

    Mozilla and Microsoft have also tackled zero-day vulnerabilities in Firefox and Edge, following successful exploitation of these browsers in the competition.

    To mitigate the risk of cookie theft, Google has introduced a new program aimed at associating cookies with the specific system where they originated, potentially setting a new standard on the web.

    Image Source: BigTunaOnline / Shutterstock

    Advertisement. Scroll to continue reading.

    You May Also Like

    Reviews

    Microsoft has resolved 74 security issues in its software during the company’s August 2023 Patch Tuesday release. The previous month’s update tackled 132 vulnerabilities,...

    Hacks

    An economical high-voltage power supply project has been developed by Sebastian from Baltic Labs. The primary element of this endeavor is a commercial power...

    Hacks

    The issue of compatibility centers around the POPCNT CPU function. TheBobPony’s posts on Twitter uncovered that this function is found in several Windows 11...

    Hacks

    The choice to utilize USB storage was influenced by the nonexistence of Bluetooth and the substandard audio input port in the dated entertainment system....