Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.
Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.
Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.
Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.
Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.
Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.
Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.
Google mounted seven safety vulnerabilities within the Chrome internet browser on Tuesday, together with two zero-days exploited through the Pwn2Own Vancouver 2024 hacking competitors.
The primary (tracked as CVE-2024-2887) is a high-severity sort confusion weak point within the WebAssembly (Wasm) open commonplace. Manfred Paul demoed this vulnerability on the primary day of Pwn2Own as a part of a double-tap distant code execution (RCE) exploit utilizing a crafted HTML web page and focusing on each Chrome and Edge.
The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab’s Seunghyun Lee through the second day of the CanSecWest Pwn2Own contest.
Described as a use-after-free (UAF) weak point within the WebCodecs API utilized by internet apps to encode and decode audio and video content material, it permits distant attackers to carry out arbitrary reads/writes through crafted HTML pages.
Lee additionally used CVE-2024-2886 to realize distant code execution utilizing a single exploit focusing on each Google Chrome and Microsoft Edge.
Google mounted the 2 zero-days within the Google Chrome secure channel, model 123.0.6312.86/.87 for Home windows and Mac and 123.0.6312.86 for Linux customers, which is able to roll out worldwide over the approaching days.
Mozilla additionally mounted two Firefox zero-days exploited by Manfred Paul at Pwn2Own Vancouver 2024 on the identical day the bugs had been demoed.
Whereas it solely took Mozille someday and Google 5 days to patch these vulnerabilities, distributors normally take their time to launch patches for safety flaws demoed at Pwn2Own since they’ve 90 days to push fixes till Pattern Micro’s Zero Day Initiative publicly discloses bug particulars.
In January, Google additionally patched an actively exploited zero-day in Chrome (CVE-2024-0519) that allowed attackers to entry delicate data or crash unpatched browsers resulting from an out-of-bounds reminiscence entry weak point within the Chrome V8 JavaScript engine.
The Pwn2Own 2024 Vancouver competitors concluded on March 22, with safety researchers incomes $1,132,500 for demonstrating 29 zero-day exploits and exploit chains over two days.
Manfred Paul emerged as this yr’s winner with $202,500 in money prizes after taking down the Apple Safari, Google Chrome, and Microsoft Edge internet browsers.