Skip to content

2024-012: Vulnerability in Chrome

Table of Contents

On January 16, 2024, Google has released an advisory addressing a zero-day vulnerability identified as "CVE-2024-0519", which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.


```htmlGoogle Chromium Zero-day Vulnerability CVE-2024-0519

Google Chromium Zero-day Vulnerability CVE-2024-0519

History:

19/01/2024 - v1.0 - Initial publication

Summary:

On January 16, 2024, Google has released an advisory addressing a zero-day vulnerability identified as CVE-2024-0519, which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.

Technical Details:

CVE-2024-0519 is a critical vulnerability in the V8 JavaScript and WebAssembly engine used by Chromium-based browsers. It allows remote attackers to potentially exploit heap corruption via a crafted HTML page, leading to out-of-bounds memory access.

Affected Products:

Google Chrome prior to version 120.0.6099.234 for Mac and 120.0.6099.224 for Linux and 120.0.6099.224/225 for Windows are impacted. Other Chromium-based web browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are possibly impacted.

Recommendations:

  • It is recommended updating the Google Chrome browser to the latest version as it includes patches for CVE-2024-0519 and other vulnerabilities.
  • It is recommended to enable automatic updates for Chrome to ensure timely application of security patches.
  • It is also recommended keeping other Chromium-based browsers up-to-date.

References:

  1. https://nvd.nist.gov/vuln/detail/CVE-2024-0519
  2. https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html

```


```htmlMITRE ATT&CK Matrix for CVE-2024-0519

MITRE ATT&CK Matrix for CVE-2024-0519

Enterprise Layer

Tactic Technique/Sub-Technique Potential Attacker Groups Mitigation Techniques
Initial Access T1190 - Exploit Public-Facing Application APT Groups known to target web browsers M1051 - Update Software
Execution T1203 - Exploitation for Client Execution Unspecified; potential exploitation in the wild M1051 - Update Software
Impact T1499 - Endpoint Denial of Service
- Sub-Technique: T1499.005 - Stored Data Manipulation
Exploit developers and malicious actors seeking to cause disruption M1051 - Update Software
M1018 - Application Isolation and Sandboxing

Mobile Layer

No specific techniques applicable for the CVE-2024-0519 in the mobile context given the advisory.

ICS Layer

No specific techniques applicable for the CVE-2024-0519 in the ICS context given the advisory.

References

``` Please note that the details in this matrix are based on typical attacker behavior and the nature of the vulnerability, as specific attacker groups exploiting CVE-2024-0519 have not been identified in the provided advisory. The mitigation recommendations are also based on best practices for a vulnerability of this type.


This post was generated entirely by an AI language model. Source: CERT EU

Latest