Live Threat Map
Google has released urgent upgrades to fix the Chrome zero-day high-severity vulnerability that has been widely exploited, which could lead to software crashes or arbitrary code execution.
To address the actively exploited zero-day vulnerability, the stable channel will be updated to 120.0.6099.129 for Mac and Linux and 120.0.6099.129/130 for Windows. Over the coming days and weeks, the update will be implemented.
Chrome Zero-day Bug Details- CVE-2023-7024
The CVE-2023-7024 vulnerability has been defined as a heap-based buffer overflow flaw in the WebRTC framework that might be exploited to cause software crashes or arbitrary code execution.
“Google is aware that an exploit for CVE-2023-7024 exists in the wild”, Google said.
The issue was found and reported by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG).
Google withheld information regarding the attacks that took use of the vulnerability in the wild.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”, Google reports.
With the release of this update, Chrome’s eighth actively exploited zero-day since the year’s beginning has been patched. The lists are as follows:
- CVE-2023-2033 – Type Confusion in V8
- CVE-2023-2136 – Integer overflow in the Skia graphics library
- CVE-2023-3079 – Type Confusion in V8
- CVE-2023-4863 – Heap buffer overflow in WebP
- CVE-2023-5217 – Heap buffer overflow in vp8 encoding in libvpx
- CVE-2023-6345 – Integer overflow in Skia graphics library
- CVE-2023-4762 – Type Confusion in V8
Update Now
Google strongly recommends users update their Chrome web browser immediately to prevent exploitation. To update the Chrome web browser, you have to follow a few simple steps that we have mentioned below:-
- Go to the Settings option.
- Select About Chrome.
- Wait, as Chrome will automatically fetch and download the latest update.
- Then, wait for the latest version to be installed.
- Once the installation process completes, you have to restart Chrome.
- Now you are done.
Read the full article here