Skip to main content

Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

posted onApril 4, 2024
by l33tdawg
Security Week
Credit: Security Week

Google on Tuesday announced a new Chrome update that resolves another zero-day vulnerability demonstrated at the Pwn2Own hacking contest in March.

Tracked as CVE-2024-3159, the high-severity bug is described as an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine. The flaw was exploited at Pwn2Own Vancouver 2024 by Edouard Bochin and Tao Yan from Palo Alto Networks, who received a $42,500 bug bounty reward for their finding.

The researchers “used an OOB Read plus a novel technique for defeating V8 hardening to get arbitrary code execution in the renderer,” Trend Micro’s Zero Day Initiative (ZDI) announced on March 22. CVE-2024-3159 is the third Chrome zero-day flaw demonstrated at Pwn2Own to have been resolved, after a Chrome update last week that addressed CVE-2024-2886 and CVE-2024-2887, a use-after-free in WebCodecs and a type confusion bug in WebAssembly, respectively. 

Source

Tags

Security Google

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th