A high-severity zero-day vulnerability, designated as CVE-2024-4761, has been identified within the V8 JavaScript and WebAssembly engine. This vulnerability poses a serious threat, as it could be exploited by attackers to gain remote code execution (RCE) capabilities on vulnerable systems. Due to this critical security vulnerability, Google has issued an urgent update to safeguard users.

Technical Details:

CVE-2024-4761 is an out-of-bounds write vulnerability in the V8 JavaScript and WebAssembly engine of Google Chrome (all versions before 124.0.6367.207/208), reported anonymously on May 9, 2024. This vulnerability allows attackers to potentially corrupt data, crash the application, or execute arbitrary code on the victim’s machine. Google has acknowledged that there are active exploits targeting this vulnerability, although specific exploit details are withheld to prevent further attacks. While indicators of compromise (IoCs) are not publicly available due to limited disclosure, antivirus and security vendors are expected to develop detection rules to identify and block such exploits. Users are advised to update Chrome to version 124.0.6367.207/.208 for Windows/macOS or .207 for Linux to mitigate this risk.

What is CVE-2024-4761?

CVE-2024-4761 is classified as an out-of-bounds write vulnerability. This means there’s a flaw in the way V8 handles memory allocation. When processing certain malicious code, it could write data outside the designated memory space. This corruption can lead to unexpected behavior, crashes, and potentially even remote code execution (RCE).

Details of the Exploit:

CVE-2024-4761 exploits a vulnerability in the browser’s memory management, specifically within its JavaScript engine. This flaw enables attackers to execute arbitrary code on a victim’s machine by directing them to a malicious website. Upon visiting the compromised site, the attacker can take control of the system, which may result in data theft, malware installation, or other malicious activities.

Remediation:

Google patched critical security holes in Chrome this year. Three of these flaws were publicly shown at a hacking competition (Pwn2Own) in March.  These vulnerabilities could be exploited by attackers to potentially take control of your computer. To protect against potential threats, users are strongly advised to upgrade to Chrome version 124.0.6367.207/.208 for Windows and macOS, and version 124.0.6367.207 for Linux. These updated versions address the vulnerabilities and provide enhanced security features to protect users from potential attacks.

Steps to Stay Safe

• Update Chrome Regularly: Enable automatic updates in Chrome settings to ensure you always have the latest security patches.
• Be Wary of Suspicious Links: Don’t click on links from unknown senders or those that seem too good to be true, as they might be attempts to exploit vulnerabilities.
• Consider a Security Solution: A reputable security suite can provide additional protection against malicious websites and malware that might try to exploit vulnerabilities.

If you use a Chromium-based browser like Microsoft Edge, Brave, Opera, or Vivaldi, be on the lookout for updates from your respective browser provider.