Google has released an update to boost the security of its Chrome web browser by addressing a critical zero-day vulnerability. This incident marks the second recent occasion where Google has promptly dealt with such a vulnerability in Chrome, making it the third security enhancement since the launch of Chrome version 123 on March 20, 2024.
Users of Chrome are strongly encouraged to promptly update their browsers to protect themselves from potential security threats.
To verify the status of Chrome on your desktop, you can go to chrome://settings/help. Your Chrome browser is considered up to date if the version displayed is 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.
If you are using an older version, your browser should automatically receive the necessary security update. It’s important to highlight that this process is applicable only to desktop systems, as Chrome updates for Android are managed through Google Play.
Zero-Day JavaScript Vulnerability
The vulnerability was first showcased publicly at the Pwn2Own hacking event in March 2024. Security experts Edouard Bochin and Tao Yan managed to exploit the vulnerability successfully, targeting Chrome and Microsoft Edge during the competition.
Their demonstration earned them a reward of $42,500. The exploit involved leveraging an out-of-bounds read along with a novel method to bypass V8 hardening and execute unauthorized code in the renderer.
Other browsers built on Chromium might also be vulnerable due to a shared component. Some of these browsers may have already been updated to address this security risk.
Essential Points
The Pwn2Own competition is esteemed for discovering and exploiting vulnerabilities in different products, with browsers being a significant focal point since the inception of the competition.
Browsers are attractive targets for exploitation as they offer avenues for extracting information, altering content, and gaining unauthorized access to cookies or passwords.
Mozilla and Microsoft have also tackled zero-day vulnerabilities in Firefox and Edge, following successful exploitation of these browsers in the competition.
To mitigate the risk of cookie theft, Google has introduced a new program aimed at associating cookies with the specific system where they originated, potentially setting a new standard on the web.
Image Source: BigTunaOnline / Shutterstock