Google Patches Critical Chrome Vulnerability

24-Apr-24

The critical vulnerability, tracked as CVE-2024-4058, has been described as a type confusion bug in the ANGLE graphics layer engine.


Considering that it has been assigned a ‘critical’ severity rating, the flaw can likely be exploited remotely for arbitrary code execution or sandbox escapes with limited user interaction.


Qrious Secure describes itself as a group of “experienced hackers who love nothing more than finding vulnerabilities and vulnerabilities and exploiting them for fun and profit”.


The group has reported at least two other Chrome vulnerabilities to Google: CVE-2024-0517, which allows remote code execution, and CVE-2024-0223, which the researchers said “can be exploited directly from JavaScript, potentially granting GPU privilege permissions”. Both were patched earlier this year.

Read More…