Type Confusion in WebAssembly in Google Chrome before 123.0.6312.86 allowed a remote malicious user to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Google fixes one more Chrome zero-day exploited at Pwn2Own By Sergiu Gatlan April 3, 2024 12:39 PM 0 Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. Tracked as CVE-2024-3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine. Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data bey...
Google fixes Chrome zero-days exploited at Pwn2Own 2024 By Sergiu Gatlan March 27, 2024 02:44 PM 0 Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. The first (tracked as CVE-2024-2887) is a high-severity type confusion weakness in the WebAssembly (Wasm) open standard. Manfred Paul demoed this vulnerability on the first day of Pwn2Own as part of a double-tap remote code execut...