{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-012.pdf"
    },
    "title": "Vulnerability in Chrome",
    "serial_number": "2024-012",
    "publish_date": "19-01-2024 16:14:59",
    "description": "On January 16, 2024, Google has released an advisory addressing a zero-day vulnerability identified as \"CVE-2024-0519\", which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.<br>\n",
    "url_title": "2024-012",
    "content_markdown": "--- \ntitle: 'Vulnerability in\u00a0Chrome'\nnumber: '2024-012'\nversion: '1.0'\noriginal_date: 'January 16, 2024'\ndate: 'January 19, 2024'\n---\n\n_History:_\n\n* _19/01/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn January 16, 2024, Google has released an advisory addressing a zero-day vulnerability identified as `CVE-2024-0519`, which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.\n\n# Technical Details\n\n`CVE-2024-0519` is a critical vulnerability in the V8 JavaScript and WebAssembly engine used by Chromium-based browsers. It allows remote attackers to potentially exploit heap corruption via a crafted HTML page, leading to out-of-bounds memory access. \n\n# Affected Products\n\n- Google Chrome prior to version 120.0.6099.234 for Mac and 120.0.6099.224 for Linux and 120.0.6099.224/225 for Windows are impacted;\n- Other Chromium-based web browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are possibly impacted.\n\n# Recommendations\n\nIt is recommended updating the Google Chrome browser to the latest version as it includes patches for `CVE-2024-0519` and other vulnerabilities. It is recommended to enable automatic updates for Chrome to ensure timely application of security patches.\n\nIt is also recommended keeping other Chromium-based browser up-to-date.\n\n# References\n\n[1] <https://nvd.nist.gov/vuln/detail/CVE-2024-0519>\n\n[2] <https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html>",
    "content_html": "<p><em>History:</em></p><ul><li><em>19/01/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On January 16, 2024, Google has released an advisory addressing a zero-day vulnerability identified as <code>CVE-2024-0519</code>, which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.</p><h2 id=\"technical-details\">Technical Details</h2><p><code>CVE-2024-0519</code> is a critical vulnerability in the V8 JavaScript and WebAssembly engine used by Chromium-based browsers. It allows remote attackers to potentially exploit heap corruption via a crafted HTML page, leading to out-of-bounds memory access. </p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Google Chrome prior to version 120.0.6099.234 for Mac and 120.0.6099.224 for Linux and 120.0.6099.224/225 for Windows are impacted;</li><li>Other Chromium-based web browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are possibly impacted.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended updating the Google Chrome browser to the latest version as it includes patches for <code>CVE-2024-0519</code> and other vulnerabilities. It is recommended to enable automatic updates for Chrome to ensure timely application of security patches.</p><p>It is also recommended keeping other Chromium-based browser up-to-date.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-0519\">https://nvd.nist.gov/vuln/detail/CVE-2024-0519</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html\">https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}