Google Fixes Chrome Flaw That Paid Hackers USD 42,500 at Pwn2Own​


Google has released a new Chrome update that fixes another zero-day vulnerability discovered at the Pwn2Own hacking contest in March.

The high-severity bug, designated CVE-2024-3159, is described as an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine. Edouard Bochin and Tao Yan of Palo Alto Networks discovered and exploited the vulnerability during Pwn2Own Vancouver 2024. For their discovery, they were awarded a bug bounty of USD 42,500.

The researchers “used an OOB Read plus a novel technique for defeating V8 hardening to obtain arbitrary code execution in the renderer,” Trend Micro’s Zero Day Initiative (ZDI) announced on March 22. In addition to CVE-2024-3159, the most recent Chrome update addresses two other vulnerabilities discovered by external researchers.

Read More : Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.