Another Google Chrome 0-day vulnerability fixed: update asap

Martin Brinkmann
Apr 4, 2024
Google Chrome
|
8

Google released a security update for its Chrome web browser to address another 0-day security vulnerability. This is the second 0-day vulnerability that Google fixed in Chrome in recent time and the third security update since the release of Chrome 123 on March 20, 2024.

Chrome users may want to update the browser immediately to protect it against potential attacks.

Load chrome://settings/help on the desktop to find out if Chrome is up to date. Chrome is up to date if you see one of the following versions: 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.

The browser should pick up the newest security update if an older version is installed. Note that this works only on desktop systems. Chrome for Android updates are managed by Google Play.

0-day JavaScript vulnerability

Chrome Security Update

The vulnerability was shown to the public during the Pwn2Own hacking contest in March 2024 for the first time. Demoed by security researchers Edouard Bochin and Tao Yan, the researchers managed to exploit Chrome and also Microsoft Edge during the competition using the exploit.

This earned them $42500 in price money during the competition. According to the official announcement, the exploit used an out of bounds read "plus a novel technique" to defeat V8 hardening and execute arbitrary code in the renderer.

Other Chromium-based web browsers are also affected by the issue, as it affects a shared component. Some of the browsers may have been updated already as a reaction to the reported security issue.

Closing Words

The Pwn2Own competition is notorious for finding and exploiting vulnerabilities in all kinds of products. Browsers have been a high priority target ever since the hacking competition opened its doors.

Browsers are a lucrative target as successful exploits open up lots of opportunities. This ranges from data extractions and manipulations of content in browsers to cookie or password stealing.

Mozilla and Microsoft addressed 0-day vulnerabilities in Firefox and Edge as well, as the browsers were also exploited during the competition.

Google announced a new project this week in an attempt to prevent cookie stealing. The company hopes that this project will become a new web standard. At its core, it is binding cookies to the system they were created on.

Do you keep your browsers up to date?

Summary
Another Google Chrome 0-day vulnerability fixed: update asap
Article Name
Another Google Chrome 0-day vulnerability fixed: update asap
Description
Google released a security update for its Chrome web browser to patch a 0-day vulnerability. Other Chromium-based browsers also affected.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «

Comments

  1. Daisy Duke said on April 5, 2024 at 6:14 am
    Reply

    @John Smith

    Hi Ballmer, is that you? <3

    "Screw Google’s anti-consumer, anti-privacy, biased ecosystem and Manifest v3."

    Aww, but you just loooove M$ don't you? I bet you use Winblows, too, if not outright paid to post such dribble.

  2. Johnny Depp's Depp said on April 5, 2024 at 6:12 am
    Reply

    @Andy Prough

    I personally take a shot of whiskey every time M$ patches dozens of remotely exploitable “bugs” to admin/root.

    I’m not at all concerned, though, I have 9 livers, 8 implanted just i case before I started reading as far back as 3.11.

    1. Andy Prough said on April 5, 2024 at 6:10 pm
      Reply

      You’re going to need a few more spare livers. I’d go with about 12 if you can fit them in there.

  3. John G. said on April 5, 2024 at 12:20 am
    Reply

    I like when a bug is fixed and the security is enhanced- Thanks for the article! :]

  4. Anonymous said on April 4, 2024 at 6:58 pm
    Reply

    So this vulnerability was Chromium? because Chrome is Chromium, but Chromium is not Chrome. Chrome is close source and Chromium is the open source anyone can use to develop their browser.

    So, saying ‘Chrome’ is not wrong, but not entirely correct especially since it affects other Chromium base browsers.

  5. Anonymous said on April 4, 2024 at 6:55 pm
    Reply

    It’s been almost 24 hours since Brave got 123.0.6312.105, so most people should already have this unless they blocked automatic updates with a firewall or something.

    Funny is how Nightly got this like 15 hours ago, way after stable users, not like it matters but I just found it interesting I saw the build with 105 way after the announcement in reddit for the stable one.

    BTW, on Nightly, Brave already offers Split View for people who use Nightly builds but never check new flags and features being added. You enable the flag and then you use tabs context menu to use it. WIP and early stages but it works okay even if it is still limited has some bugs.

  6. Andy Prough said on April 4, 2024 at 5:10 pm
    Reply

    Another day, another $42,500 in prize money for pwning Chrome/chromium. It’s like taking candy from a baby.

  7. John Smith said on April 4, 2024 at 7:32 am
    Reply

    Update to a different browser. Screw Google’s anti-consumer, anti-privacy, biased ecosystem and Manifest v3.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.