Google fixes Chrome zero-days exploited at Pwn2Own 2024


Google patched seven security vulnerabilities in Chrome, including two zero-days exploited during Pwn2Own Vancouver 2024. The first zero-day (CVE-2024-2887) involved a high-severity type confusion flaw in WebAssembly, while the second (CVE-2024-2886) was a use-after-free weakness in the WebCodecs API. Both vulnerabilities allowed for remote code execution. Google released patches for these zero-days in Chrome version 123.0.6312.86/.87 for Windows and Mac, and 123.0.6312.86 for Linux users. Mozilla also fixed two Firefox zero-days exploited at Pwn2Own on the same day they were demonstrated.

Read More…