Google Fixes Serious Zero-Day Vulnerabilities

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

Google patched a serious zero-day vulnerability with the company’s web browser, Google Chrome. The vulnerability (tagged as CVE-2024-0519) could be used to completely crash a user’s Chrome browser from a distance. Before the patch, the exploit had been spotted in the wild multiple times.

“Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild,” the company writes.

A zero-day vulnerability is essentially a cybersecurity flaw that developers don’t realize exists. Once a threat actor utilizes the exploit, whether that’s to obtain data, ransom money, or worse, it becomes a zero-day exploit.

Other recent examples of zero-day exploits include the Ivanti VPN company being struck with a zero-day exploit that compromised at least 1,700 devices. The company has yet to find a fix.

Fortunately, Google already patched the exploit. Most Chrome users will have automatic updates, but those that don’t should manually update Google Chrome to the latest security patch.

Besides fixing this exploit, it fixes three other possible exploits.

The company didn’t provide many details about the fix — in a recent blog post, Google only stated the bug was fixed.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” says Google.

The person who submitted the vulnerability remains anonymous. The company used a wide range of software to identify and fix the problem, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.

While it isn’t possible to completely prevent zero-day exploits, Google is making sure to fix them immediately before the exploits can be further abused illustrates responsible cybersecurity practices.

“As usual, our ongoing internal security work was responsible for a wide range of fixes,” Google said.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.

Leave a Comment