On Tuesday, Google released a Chrome browser security update to address seven vulnerabilities exploited at the CanSecWest Pwn20wn hacking contest.
The vulnerability considered to be most severe was evident within a use-after-free bug in ANGLE which is the open source cross-platform graphics engine that is popular amongst other browsers and in Chrome. Four of the vulnerabilities were reported by external researchers, and three of these vulnerabilities are all considered “high-severity”. The first high-severity vulnerability in ANGLE awarded the researcher a $10,000 “bug bounty reward” for their discovery. The other three external vulnerabilities are present within a use-after-free issue in Dawn, and the remaining two are zero-day vulnerabilities. The two zero-day vulnerabilities were discovered at the Pwn20wn Vancouver 2024 hacking contest. Google has not announced any discovery of these vulnerabilities in the wild. However, the latest version of Chrome is being released as version 123.0.6312.86/.87 for Windows and Mac, and users are encouraged to update to the new version as soon as possible.
Read more:
https://www.securityweek.com/chrome-update-patches-zero-day-vulnerabilities-exploited-at-pwn2own/