bleepingcomputer[.]com/news/security/google-fixes-first-actively-exploited-chrome-zero-day-of-2024/
This newly discovered vulnerability is being actively exploited, so it's extra important to update Chrome ASAP.
The high-severity zero-day vulnerability (CVE-2024-0519) is due to a high-severity out-of-bounds memory access weakness in the Chrome V8 JavaScript engine, which attackers can exploit to gain access to data beyond the memory buffer, providing them access to sensitive information or triggering a crash.
While Google knows of CVE-2024-0519 zero-day exploits used in attacks, the company has yet to share further details regarding these incidents."Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
Today, Google also patched V8 out-of-bounds write (CVE-2024-0517) and type confusion (CVE-2024-0518) flaws, allowing for arbitrary code execution on compromised devices.