Google Updates Chrome to Patch Zero-Day Flaw Exposed at Pwn2Own

Google has announced an update to its Chrome browser that patches several vulnerabilities, including the zero-day flaw CVE-2024-3159, which was demonstrated at the Pwn2Own hacking contest in March 2024. This critical issue, an out-of-bounds memory access in the V8 JavaScript engine, was exploited by Edouard Bochin and Tao Yan from Palo Alto Networks, earning them a $42,500 reward.
CVE-2024-3159 is the third zero-day discovered at Pwn2Own 2024 to be addressed by Google, following earlier fixes for vulnerabilities in WebCodecs and WebAssembly. In addition to CVE-2024-3159, the latest update also corrects two other vulnerabilities reported by external researchers, with Google disbursing $10,000 in total bounties.
The updated Chrome versions—123.0.6312.105/.106/.107 for Windows and macOS, and version 123.0.6312.105 for Linux—are currently being deployed.
The diligent response from Google emphasizes the tech giant's commitment to user security and the pivotal role of ethical hacking competitions like Pwn2Own in identifying and mitigating potential threats. These contests not only help in uncovering hidden vulnerabilities but also foster a culture of proactive security measures among tech companies. Users are strongly advised to update their browsers to the latest version to ensure they have the most up-to-date defenses against this specific vulnerability and others that may pose a risk. Google's commitment to security, combined with the collaborative efforts of the cybersecurity community, continues to play a vital role in maintaining the integrity and safety of the digital landscape.
Source: SecurityWeek 04/03/2024