The publication warns that you should not wait for the browser to update automatically and recommends that users install the update immediately. To make sure the update is installed, you should close and restart Chrome. It should be borne in mind that the first two vulnerability can touch several web browsers using Chromium-Google Chrome, Microsoft Edge and Opera. The first Chrome warning "Update now" was May 9, when Google warned that he knew about the existence of CV-2024-4947 vulnerability.
It was the problem of use after release, when indicators for liberated memory are not removed and therefore they can be abused. The attackers can use UAF to transmit an arbitrary code (or reference to it) to the program and go to the start of the code with the "hanging" index. Thus, performing a harmful code can allow the cybercrime to get control over the victim system. On May 13, the vulnerability of CVE-2024-4761 forced Google to warn of the threat.
This time it was a vulnerability of memory that goes beyond, which touches the JavaScript two of the Chrome V8. Problems of this type allow the attacker to attack Chrome with harmful HTML pages. Such vulnerability can lead to the disclosure of confidential information, as well as the risk of system failure or software that can allow the attacker to access this data.
On May 15, Google warned that the vulnerability of CV-2024-4947 led to another memory problem-the vulnerability of "Type confusion", which is attacked by users with the HTML created. Type confusion occurs when the software tries to access incompatible resources bypassing the security system. All these vulnerability can destabilize a browser or device, but can also be used to start other expressions.
All three vulnerability has already been added to the CISA - a catalog of well -known vulnerabilities (KEV) of the US Cyber Security and Security Agency. The agency has up to 3, 6 and 10 June, respectively, take measures to mitigate the consequences in accordance with the developer's instructions. Earlier, we wrote that the dangerous Brokewell program can steal all the data and money.
All rights reserved IN-Ukraine.info - 2022