Recently, Google has warned about a Zero-day vulnerability in the V8 open-source engine. The flaw results from a heap-buffer overflow. Heap-buffer overflow is a class of vulnerability where the region of a process’ memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly, causing memory access errors and crashes thereby opening the door to remote code execution.
Researchers have observed that the vulnerability in the V8 open-source engine is being actively exploited by attackers. Though Google didn’t provide further details of the attackers exploiting the flaw, researchers suggest that the attack was used against security researchers working on vulnerability research and development at different companies and organizations.
As preventive measures, researchers have urged Google Chrome users to update as soon as possible. The flaw is only the latest security issue in Google Chrome in recent months and Chrome will update to its newest version automatically.