Google Patches Mysterious Chrome Zero-Day Exploited in the Wild

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild

Posted on By CWS

Google has launched a safety replace for its Chrome browser, addressing a zero-day vulnerability that the corporate confirms is actively being exploited within the wild.

A number of exploited zero-day vulnerabilities have been patched by the web large in Chrome this yr. Nevertheless, the corporate has all the time shared a quick description of the flaw when saying patches.

On the time of writing, the most recent Chrome zero-day doesn’t have a CVE identifier, and it’s unclear which element of the browser it impacts. The corporate is at the moment figuring out it utilizing a bug tracker ID (466192044) and has marked it as ‘beneath coordination’.

It’s additionally unclear who found the vulnerability and when it was reported to Google. The one piece of knowledge that’s obtainable is that the safety gap has a ‘excessive severity’ score. 

Based mostly on historic traits of actively exploited Chrome zero-days, this flaw could also be a reminiscence corruption difficulty (probably kind confusion or use-after-free) throughout the V8 JavaScript engine or a associated element.

Most of these vulnerabilities can usually be leveraged for a sandbox escape or distant code execution. 

Chrome zero-days are ceaselessly exploited by government-sponsored espionage campaigns that make the most of refined business spy ware. This means that the mysterious vulnerability could have been a part of a focused, slightly than widespread, assault marketing campaign.

The zero-day has been patched with a Chrome 143 replace that additionally addresses two medium-severity points: a use-after-free within the browser’s password supervisor, and an inappropriate implementation flaw within the toolbar element. 

Every of those safety holes earned the reporting researchers a $2,000 bug bounty. Commercial. Scroll to proceed studying.

Associated: Google Fortifies Chrome Agentic AI In opposition to Oblique Immediate Injection Assaults

Associated: Chrome, Edge Extensions Caught Monitoring Customers, Creating Backdoors

Associated: Chrome to Flip HTTPS on by Default for Public Websites

Security Week News Tags:, , , , , ,

Related Posts

Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison  Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison  Security Week News
Masimo Manufacturing Facilities Hit by Cyberattack Masimo Manufacturing Facilities Hit by Cyberattack Security Week News
CYBERCOM 2.0: Pentagon Unveils Plan to Fix Cyber Talent Shortfalls CYBERCOM 2.0: Pentagon Unveils Plan to Fix Cyber Talent Shortfalls Security Week News
160,000 Impacted by Valsoft Data Breach 160,000 Impacted by Valsoft Data Breach Security Week News
Hackers Earn Over Million at Pwn2Own Berlin 2025 Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 Security Week News
Possible Zero-Day Patched in SonicWall SMA Appliances Possible Zero-Day Patched in SonicWall SMA Appliances Security Week News