Google has pushed out an urgent Chrome browser update to fix a trio of high-severity security defects and warned that one of the bugs is already being exploited in the wild.
The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine.
As is customary, Google did not provide any additional details on scope of the observed attacks or share telemetry to help defenders hunt for signs of compromise.
A barebones advisory simply notes: “Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.”
The company said the zero-day was reported anonymously.
The latest Chrome browser refresh also provides cover for two additional memory safety issues in V8 that are rated high-risk. Google said the update also includes multiple fixes found internally from audits, fuzzing and other initiatives.
The new security patch comes just weeks after Google shipped patches for multiple memory safety issues that expose users to code execution attacks.
In 2023, Google patched at least seven zero-days discovered during in-the-wild exploitation.
Related: Remotely Exploitable Flaws in Tianocore EDK II PXE Implementation
Related: VMware Patches Critical Aria Automation Vulnerability
Related: Remote Code Execution Bug in Opera File Sharing Feature
Related: GitLab Haunted by Critical Password Reset Vulnerability
