Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.
Out-of-bounds write bugs can typically be exploited by malicious actors to corrupt data, induce a crash, or execute arbitrary code on compromised hosts.
"Google is aware that an exploit for CVE-2024-4761 exists in the wild," the tech giant said.
Additional details about the nature of the attacks have been withheld to prevent more threat actors from weaponizing the flaw.
The disclosure comes merely days after the company patched CVE-2024-4671, a use-after-free vulnerability in the Visuals component that has also been exploited in real-world attacks.
With the latest fix, Google has addressed a total of six zero-days since the start of the year, three of which were demonstrated at the Pwn2Own hacking contest in Vancouver in March:
- CVE-2024-0519 - Out-of-bounds memory access in V8 (actively exploited)
- CVE-2024-2886 - Use-after-free in WebCodecs
- CVE-2024-2887 - Type confusion in WebAssembly
- CVE-2024-3159 - Out-of-bounds memory access in V8
- CVE-2024-4671 - Use-after-free in Visuals (actively exploited)
Users are advised to upgrade to Chrome version 124.0.6367.207/.208 for Windows and macOS, and version 124.0.6367.207 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
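For teams checking a fleet against the fixed Chrome build named above, the following is an added example (not from the original article or from Google). It assumes version strings in the form printed by `chrome --version`, compares them numerically, and covers Google Chrome builds only; the host names and inventory lines are constructed.

```python
import re

# Fixed build named in the article: 124.0.6367.207 on Windows, macOS and Linux
# (.208 is the alternate fixed build listed for Windows and macOS).
FIXED = (124, 0, 6367, 207)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 124.0.6367.201'. Returns a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def assess(text):
    """Classify one version string against the fixed build.
    Assumption: plain numeric ordering of the four version parts."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per part, so .91 sorts below .207
    # (a string comparison would get this wrong).
    return "at_or_above_fix" if version >= FIXED else "below_fix"


def audit(inventory):
    """inventory: iterable of (host, version_string) pairs -> {host: status}."""
    return {host: assess(raw) for host, raw in inventory}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("win-01", "Google Chrome 124.0.6367.208"),
    ("mac-02", "Google Chrome 124.0.6367.201"),
    ("lin-03", "Google Chrome 124.0.6367.207"),
    ("win-04", "Google Chrome 124.0.6367.91"),
    ("lin-05", "Google Chrome 125.0.6422.60"),
    ("mac-06", "chrome: not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` returned no parsable version and need a manual check rather than being treated as updated.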
References
[1] https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html
Originally published on the WeChat official account 知机安全: Chrome Browser Zero-Day Vulnerability CVE-2024-4761 Crisis Announcement