Mitigation Instructions for CVE-2024-0519

Written by CyRisk Vulnerability Management Team | Feb 23, 2024 9:42:48 PM

SUBJECT: Critical RCE Vulnerability (CVE-2024-0519) in Google Chrome - Update Immediately

TECH STACK: Google Chrome versions prior to 120.0.6099.224

DATE(S) ISSUED: 01/16/2024

NVD Last Modified: 01/22/2024

CRITICALITY: HIGH (Base Score 8.8)

OVERVIEW: 

A critical remote code execution (RCE) vulnerability exists in Google Chrome due to an out-of-bounds memory access in V8. This vulnerability allows attackers to potentially exploit heap corruption via a crafted HTML page, leading to the execution of arbitrary code on affected devices. This vulnerability is actively exploited in the wild, posing a significant risk to users browsing the internet with vulnerable versions of Chrome.

SOLUTION/MITIGATION: 

The most effective mitigation is to update Google Chrome to version 120.0.6099.224 or later as soon as possible. This update patches the vulnerability and significantly reduces the risk of exploitation.

Here's how to update Chrome:
  1. Open Chrome.
  2. Click on the three vertical dots in the top right corner of the browser window.
  3. Select "Help" -> "About Google Chrome".
  4. Chrome will automatically check for updates. If an update is available, it will download and install automatically.
  5. Once the update is complete, relaunch Chrome to apply the changes.

Additional mitigation steps:

  1. Disable JavaScript: While not recommended for general use, consider disabling JavaScript in Chrome if immediate patching is not possible. This will significantly reduce the risk of exploiting this vulnerability, but may also break the functionality of many websites.
  2. Enable sandboxing: Chrome sandboxes each website you visit, helping to contain any potential exploits. Ensure sandboxing is enabled in your Chrome settings.
  3. Use a security extension: Consider using a security extension that can help block malicious websites and scripts. Choose a reputable extension with good reviews and security practices.

Verification and further information:

  • Verify that you are using Chrome version 120.0.6099.224 or later by going to "Help" -> "About Google Chrome".
  • For more information and detailed instructions, refer to the following resources:
  1. Google Chrome Release Notes
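
To run the version check above across many machines rather than one browser at a time, the following is an added example, not part of the original advisory and not CyRisk or Google tooling. It assumes a constructed tab-separated inventory of hostname and reported Chrome version string; the function names are hypothetical.

```python
import re

# First patched build named in this advisory.
FIXED = (120, 0, 6099, 224)

# Exactly four dot-separated numeric parts, not embedded in a longer dotted string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_chrome_version(text):
    """Extract a four-part version from text such as 'Google Chrome 120.0.6099.216'.
    Returns a tuple of ints, or None when no version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(version):
    # Tuples compare numerically per component, so 6099.99 sorts below 6099.224
    # (a plain string comparison would get this wrong).
    return version >= FIXED

def triage(inventory_lines):
    """Sort 'host<TAB>version text' records into vulnerable / patched / unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, raw = line.partition("\t")
        version = parse_chrome_version(raw)
        if version is None:
            result["unknown"].append(host)      # needs manual follow-up
        elif is_patched(version):
            result["patched"].append(host)
        else:
            result["vulnerable"].append(host)
    return result

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = """\
ws-001\tGoogle Chrome 120.0.6099.216
ws-002\tGoogle Chrome 120.0.6099.224
ws-003\tGoogle Chrome 120.0.6099.99
ws-004\tGoogle Chrome 121.0.6167.85
ws-005\tGoogle Chrome 119.0.6045.200
ws-006\tnot installed
""".splitlines()

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown returned no parseable version and should be checked by hand rather than assumed safe.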
