Google released a security update for its Chrome web browser to address another 0-day security vulnerability. This is the second 0-day vulnerability that Google fixed in Chrome in recent time and the third security update since the release of Chrome 123 on March 20, 2024.

Chrome users may want to update the browser immediately to protect it against potential attacks.

Load chrome://settings/help on the desktop to find out if Chrome is up to date. Chrome is up to date if you see one of the following versions: 123.0.6312.105, 123.0.6312.106, or 123.0.6312.107.

The browser should pick up the newest security update if an older version is installed. Note that this works only on desktop systems. Chrome for Android updates are managed by Google Play.

0-day JavaScript vulnerability

The vulnerability was shown to the public during the Pwn2Own hacking contest in March 2024 for the first time. Demoed by security researchers Edouard Bochin and Tao Yan, the researchers managed to exploit Chrome and also Microsoft Edge during the competition using the exploit.

This earned them $42500 in price money during the competition. According to the official announcement, the exploit used an out of bounds read "plus a novel technique" to defeat V8 hardening and execute arbitrary code in the renderer.

Other Chromium-based web browsers are also affected by the issue, as it affects a shared component. Some of the browsers may have been updated already as a reaction to the reported security issue.

Closing Words

The Pwn2Own competition is notorious for finding and exploiting vulnerabilities in all kinds of products. Browsers have been a high priority target ever since the hacking competition opened its doors.

Browsers are a lucrative target as successful exploits open up lots of opportunities. This ranges from data extractions and manipulations of content in browsers to cookie or password stealing.

Mozilla and Microsoft addressed 0-day vulnerabilities in Firefox and Edge as well, as the browsers were also exploited during the competition.

Google announced a new project this week in an attempt to prevent cookie stealing. The company hopes that this project will become a new web standard. At its core, it is binding cookies to the system they were created on.

Do you keep your browsers up to date?