1 min read

Mitigation Instructions for CVE-2024- 0519

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team : Feb 23, 2024 4:42:48 PM

Mitigation Instructions for CVE-2024- 0519

SUBJECT: Critical RCE Vulnerability (CVE-2024-0519) in Google Chrome - Update Immediately

TECH STACK: Google Chrome versions prior to 120.0.6099.224

DATE(S) ISSUED: 01/16/2024

NVD Last Modified: 01/22/2024

CRITICALITY: HIGH (Base Score 8.8)

OVERVIEW: 

A critical remote code execution (RCE) vulnerability exists in Google Chrome due to an out-of-bounds memory access in V8. This vulnerability allows attackers to potentially exploit heap corruption via a crafted HTML page, leading to the execution of arbitrary code on affected devices. This vulnerability is actively exploited in the wild, posing a significant risk to users browsing the internet with vulnerable versions of Chrome.

SOLUTION/MITIGATION: 

The most effective mitigation is to update Google Chrome to version 120.0.6099.224 or later as soon as possible. This update patches the vulnerability and significantly reduces the risk of exploitation.

  • Here's how to update Chrome:
  1. Open Chrome.
  2. Click on the three vertical dots in the top right corner of the browser window.
  3. Select "Help" -> "About Google Chrome".
  4. Chrome will automatically check for updates. If an update is available, it will download and install automatically.
  5. Once the update is complete, relaunch Chrome to apply the changes.

Additional mitigation steps:

  1. Disable JavaScript: While not recommended for general use, consider disabling JavaScript in Chrome if immediate patching is not possible. This will significantly reduce the risk of exploiting this vulnerability, but may also break the functionality of many websites.
  2. Enable sandboxing: Chrome sandboxes each website you visit, helping to contain any potential exploits. Ensure sandboxing is enabled in your Chrome settings.
  3. Use a security extension: Consider using a security extension that can help block malicious websites and scripts. Choose a reputable extension with good reviews and security practices.

Additional mitigation steps:

  • Verify that you are using Chrome version 120.0.6099.224 or later by going to "Help" -> "About Google Chrome".
  • For more information and detailed instructions, refer to the following resources:
  1. Google Chrome Release Notes

REFERENCES:
Mitigation Instructions for Redis Server Unprotected by Password Authentication

Mitigation Instructions for Redis Server Unprotected by Password Authentication

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Aug 30, 2024 11:57:18 AM

Subject: Redis Server Unprotected by Password Authentication

security
Read More
Mitigation Instructions for Drupal SEoL (6.x)

Mitigation Instructions for Drupal SEoL (6.x)

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Jul 17, 2024 12:28:55 PM

Subject: Drupal Unsupported Version Detection (6.x)

security
Read More
Mitigation Instructions for Microsoft SQL Server Unsupported Version Detection (remote check)

Mitigation Instructions for Microsoft SQL Server Unsupported Version Detection (remote check)

Picture of CyRisk Vulnerability Management Team CyRisk Vulnerability Management Team: Jul 17, 2024 12:24:56 PM

Subject: Microsoft SQL Server Unsupported Version Detection

security
Read More