Google Chrome < 120.0.6099.234
Chrome's JavaScript engine contains a memory access bug that attackers are actively exploiting to compromise systems — update immediately.
A malicious web page containing crafted JavaScript can trigger the memory corruption, potentially leading to arbitrary code execution in the Chrome renderer process. Active exploitation was confirmed by Google's Threat Analysis Group, indicating real-world attacks against Chrome users.
Google Chrome's V8 JavaScript engine contains an out-of-bounds memory access vulnerability that can be triggered by specially crafted JavaScript. V8 is the core engine that executes all JavaScript on every web page loaded in Chrome. The vulnerability is present in all Chrome versions before 120.0.6099.234 and was confirmed as actively exploited before the patch release.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Affected OS versions
This vulnerability was part of a series of Chrome V8 zero-days exploited in January 2024. Browser-based exploitation remains one of the most common initial access techniques for both targeted attacks and commodity malware.
Manual remediation steps
⏱ 10 minutesCheck Current Version
(Get-ItemProperty 'HKLM:\SOFTWARE\Google\Chrome\BLBeacon').version
Update Chrome
Verification
(Get-ItemProperty 'HKLM:\SOFTWARE\Google\Chrome\BLBeacon').version
# Must show 120.0.6099.234 or later
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References