Chrome patches fourth zero-day flaw this month
- by nlqip
What is known about the vulnerability
The newly patched vulnerability is tracked as CVE-2024-5274 and is described as a type confusion issue in the Chrome V8 JavaScript engine. Type confusion is a type of error that can occur in programming languages that use dynamic typing such as JavaScript and can be exploited by modifying the type of a given variable with the goal of triggering unintended behavior.
The Chrome team rates the vulnerability as high severity and credits Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security for reporting it on 20 May. The team also notes that it is aware that an exploit for this vulnerability exists in the wild.
While no technical details have been released about the vulnerability for safety reasons to allow users to update, it is possible that this could be an arbitrary code execution flaw. Such flaws would normally be rated critical in many software programs, but the Chrome V8 engine has a memory heap sandbox and other security mechanisms such as JITCage that make exploitation harder. For a successful exploit, the attackers would likely have needed to chain this vulnerability with others that bypass these mitigations.
Source link
lol
What is known about the vulnerability The newly patched vulnerability is tracked as CVE-2024-5274 and is described as a type confusion issue in the Chrome V8 JavaScript engine. Type confusion is a type of error that can occur in programming languages that use dynamic typing such as JavaScript and can be exploited by modifying the…
Recent Posts
- Security plugin flaw in millions of WordPress sites gives admin access
- Phishing emails increasingly use SVG attachments to evade detection
- Fake AI video generators infect Windows, macOS with infostealers
- T-Mobile confirms it was hacked in recent wave of telecom breaches
- GitHub projects targeted with malicious commits to frame researcher