Google has patched another Chrome vulnerability exploited on Pwn2Own.

Google has discovered and fixed another vulnerability in the Chrome browser that was exploited during the Pwn2Own hacking competition in March 2024.

The vulnerability CVE-2024-3159 relates to memory usage in the V8 JavaScript engine. It was demonstrated by security researchers Edouard Bochin and Tao Yan from Palo Alto Networks during the Pwn2Own 2024 competition on March 22, 2024.

For their work, they received $42,500 and 9 "Master of Pwn" points. The attacker can exploit this vulnerability by tricking the victim into visiting a specially crafted HTML page, allowing access to data outside the memory buffer, which could lead to a leak of confidential information or a crash.

Google also fixed other issues, including memory usage in V8 and a problem with bookmarks.

Important Points:

• Google has discovered and fixed another vulnerability in the Chrome browser that was exploited during the Pwn2Own hacking competition in March 2024.
• The vulnerability CVE-2024-3159 relates to memory usage in the V8 JavaScript engine. It was demonstrated by security researchers Edouard Bochin and Tao Yan from Palo Alto Networks during the Pwn2Own 2024 competition on March 22, 2024.
• For their work, they received $42,500 and 9 "Master of Pwn" points.
• The attacker can exploit this vulnerability by tricking the victim into navigating to a specially crafted HTML page, allowing access to data beyond the memory buffer, which could lead to a leak of confidential information or a crash.
• Google has also fixed other issues, including memory usage in V8 and a problem with bookmarks.
• At the end of March, Google fixed several vulnerabilities in the Chrome browser, including two zero-days that were exploited during the Pwn2Own Vancouver 2024 competition.