Chrome patches fourth zero-day flaw this month
- by nlqip
What is known about the vulnerability
The newly patched vulnerability is tracked as CVE-2024-5274 and is described as a type confusion issue in the Chrome V8 JavaScript engine. Type confusion is a type of error that can occur in programming languages that use dynamic typing such as JavaScript and can be exploited by modifying the type of a given variable with the goal of triggering unintended behavior.
The Chrome team rates the vulnerability as high severity and credits Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security for reporting it on 20 May. The team also notes that it is aware that an exploit for this vulnerability exists in the wild.
While no technical details have been released about the vulnerability for safety reasons to allow users to update, it is possible that this could be an arbitrary code execution flaw. Such flaws would normally be rated critical in many software programs, but the Chrome V8 engine has a memory heap sandbox and other security mechanisms such as JITCage that make exploitation harder. For a successful exploit, the attackers would likely have needed to chain this vulnerability with others that bypass these mitigations.
Source link
lol
What is known about the vulnerability The newly patched vulnerability is tracked as CVE-2024-5274 and is described as a type confusion issue in the Chrome V8 JavaScript engine. Type confusion is a type of error that can occur in programming languages that use dynamic typing such as JavaScript and can be exploited by modifying the…
Recent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA