Google Chromium Zero-day Vulnerability CVE-2024-0519

History:
19/01/2024 - v1.0 - Initial publication

Summary:
On January 16, 2024, Google released an advisory addressing a zero-day vulnerability identified as CVE-2024-0519, which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.

Technical Details:
CVE-2024-0519 is a critical vulnerability in the V8 JavaScript and WebAssembly engine used by Chromium-based browsers. An out-of-bounds memory access in V8 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected Products:
Google Chrome versions prior to 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows are impacted. Other Chromium-based web browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are possibly impacted.

Recommendations:
- Update the Google Chrome browser to the latest version, as it includes patches for CVE-2024-0519 and other vulnerabilities.
- Enable automatic updates for Chrome to ensure timely application of security patches.
- Keep other Chromium-based browsers up to date as well.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-0519
- https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
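The following is an added example, not part of the CERT-EU advisory: a small inventory check that applies the per-platform fixed builds listed under "Affected Products" to a list of installed browsers. The CSV layout, hostnames and sample versions are constructed for illustration, and the `review` status for non-Chrome browsers is an assumption reflecting that the advisory gives no fixed builds for them.

```python
# Added example: flag Google Chrome installs older than the fixed builds
# listed under "Affected Products". Inventory rows are constructed sample data.
import csv
import io

# First fixed build per platform, taken from the advisory text.
FIXED = {
    "mac": (120, 0, 6099, 234),
    "linux": (120, 0, 6099, 224),
    "windows": (120, 0, 6099, 224),  # advisory lists 224/225; 224 is the lower bound
}

def parse_version(text):
    """Turn '120.0.6099.199' into a comparable tuple; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, browser, version):
    """Return 'vulnerable', 'patched' or 'review' for one inventory row."""
    if browser.strip().lower() != "chrome":
        return "review"  # advisory gives no fixed builds for other Chromium browsers
    fixed = FIXED.get(platform.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "review"  # unknown platform or unparseable version string
    return "vulnerable" if parsed < fixed else "patched"

def audit(inventory_csv):
    """Map hostname -> status for a CSV with host,platform,browser,version."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["browser"], r["version"]) for r in reader}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,platform,browser,version
ws-001,windows,chrome,120.0.6099.217
ws-002,windows,chrome,120.0.6099.225
mac-01,mac,chrome,120.0.6099.224
lin-01,linux,chrome,120.0.6099.224
ws-003,windows,edge,120.0.1111.11
lin-02,linux,chrome,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Note that the same build number (120.0.6099.224) is patched on Linux but still vulnerable on Mac, which is why the comparison is keyed by platform.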
MITRE ATT&CK Matrix for CVE-2024-0519

Enterprise Layer

Tactic | Technique/Sub-Technique | Potential Attacker Groups | Mitigation Techniques |
---|---|---|---|
Initial Access | T1190 - Exploit Public-Facing Application | APT Groups known to target web browsers | M1051 - Update Software |
Execution | T1203 - Exploitation for Client Execution | Unspecified; potential exploitation in the wild | M1051 - Update Software |
Impact | T1499 - Endpoint Denial of Service - Sub-Technique: T1499.005 - Stored Data Manipulation | Exploit developers and malicious actors seeking to cause disruption | M1051 - Update Software; M1018 - Application Isolation and Sandboxing |

Mobile Layer
No specific techniques are applicable to CVE-2024-0519 in the mobile context given the advisory.

ICS Layer
No specific techniques are applicable to CVE-2024-0519 in the ICS context given the advisory.

Please note that the details in this matrix are based on typical attacker behavior and the nature of the vulnerability, as specific attacker groups exploiting CVE-2024-0519 have not been identified in the provided advisory. The mitigation recommendations are also based on best practices for a vulnerability of this type.
This post was generated entirely by an AI language model. Source: CERT EU