Google launched an replace for its Chrome internet browser a second in the past that fixes 4 safety points in all desktop variations and in Chrome for Android. One of many patched safety points is exploited within the wild.
Chrome customers on desktop techniques could replace Chrome to the brand new model already. That is achieved mechanically by Chrome, however some customers could need to replace the browser instantly to guard it in opposition to the 0-day vulnerability that’s focused within the wild.
Load chrome://settings/assist in the browser’s handle bar or choose Menu > Assist > About Google Chrome to open the identical web page. Google Chrome runs a verify for updates and can obtain and set up the safety replace at this level. A restart of the net browser is required to finish the set up of the replace.
The Assist web page ought to listing one of many following Chrome variations after instalation:
- Chrome for Mac: 120.0.6099.234
- Chrome for Linux: 120.0.6099.224
- Chrome for Home windows: 120.0.6099.224 or 120.0.6099.225
- Chrome Prolonged Steady Channel for Mac: 120.0.6099.234
- Chrome Prolonged Steady Channel for Home windows: 120.0.6099.225
Chrome 120 patches a 0-day vulnerability
The official Google Chrome releases weblog lists three of the 4 safety points that Google addressed within the replace on the web page. Google doesn’t reveal details about internally found safety points on the weblog.
The three listed points embrace the 0-day vulnerability that’s exploited within the wild:
- [$16000][1515930] Excessive CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Safe on 2024-01-06
- [$1000][1507412] Excessive CVE-2024-0518: Kind Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 crew on 2023-12-03
- [$TBD][1517354] Excessive CVE-2024-0519: Out of bounds reminiscence entry in V8. Reported by Nameless on 2024-01-11
Google confirms that CVE-2025-0519 is exploited within the wild: “Google is conscious of studies that an exploit for CVE-2024-0519 exists within the wild.”
The problem was reported on January 11, 2024 to Google. It impacts V8, which is the JavaScript and WebAssembly engine that Google Chrome makes use of. All three listed safety points have an effect on the engine in Chrome.
Different Chromium-based browsers are additionally affected by the problem. Search for safety updates for these browsers as effectively to guard them in opposition to potential assaults on the internet.
Chrome customers are inspired to put in the replace instantly to guard the browser in opposition to assaults.
Google launched Chrome 120 Steady on December 6, 2023 to the general public. The replace included safety updates but additionally password sharing enhancements and launched computerized security checks within the browser. Extra level updates had been launched within the meantime, together with on December 13, 2023.
Now You: do you run Chrome?
Abstract
Article Title
Time to patch: Chrome 120 fixes a 0-day safety difficulty
Description
Google launched a degree replace for Chrome 120 a second in the past that patches 4 safety points, one among which is exploited within the wild.
Creator
Martin Brinkmann
Writer
Ghacks Expertise Information
Emblem
Commercial
