Google Patches Two Chrome Zero‑Days Actively Exploited in the Wild

Google released emergency updates for Chrome that fix two critical zero‑day flaws (CVE‑2024‑XXXX and CVE‑2024‑YYYY). Both vulnerabilities allow remote code execution via crafted web content and have been observed in active exploit kits targeting browsers on Windows and macOS. The patches address a memory‑corruption bug in the V8 engine and a sandbox escape in the renderer process, effectively closing the attack vectors that threat actors were weaponizing in the wild.

Defenders must prioritize deploying the Chrome update across all endpoints and enforce automatic updates where possible. Until the patches are applied, adversaries can execute arbitrary code, install additional payloads, and move laterally within compromised networks. Monitoring for known IOCs—such as suspicious JavaScript payloads, anomalous Chrome process behavior, and connections to command‑and‑control domains linked to these exploits—will help detect ongoing attempts while remediation is underway.

Categories: Vulnerabilities & Exploits

Source: Read original article