Apr 4, 2024
Google fixes one more Chrome zero-day exploited at Pwn2Own
Posted by Saúl Morales Rodriguéz in category: cybercrime/malcode
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.
Tracked as CVE-2024–3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine.
Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via heap corruption, which can provide them with sensitive information or trigger a crash.