CVE-2024-3159: Google Chrome Zero-Day Exploit Demonstrated at Pwn2Own
Google has urgently updated its Chrome web browser to patch a critical zero-day vulnerability, CVE-2024-3159, which was exploited during the Pwn2Own Vancouver 2024 hacking competition. The vulnerability, found in the V8 JavaScript engine, allowed out-of-bounds memory access. Security researchers Edouard Bochin and Tao Yan from Palo Alto Networks demonstrated the exploit, which underlines the importance of addressing such vulnerabilities promptly, given how attractive they are to attackers.

In addition to CVE-2024-3159, Google fixed two other high-severity issues: CVE-2024-3156, an inappropriate implementation in V8 that could enable arbitrary code execution, and CVE-2024-3158, a use-after-free vulnerability in Bookmarks.

The Pwn2Own event, which awarded $1,132,500 to researchers for uncovering 29 zero-day exploits, underscores the critical role of such competitions in identifying and mitigating vulnerabilities before they can be exploited maliciously.

Chrome users are urged to update their browsers immediately to the latest version (123.0.6312.105/.106/.107 for Windows and Mac, and 123.0.6312.105 for Linux) to protect against these vulnerabilities.

CVEs: CVE-2024-3156, CVE-2024-3158, CVE-2024-3159, CVE-2024-2887, CVE-2024-2886

[View Article](https://securityonline.info/cve-2024-3159-google-chrome-zero-day-exploit-demonstrated-at-pwn2own/)