Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild.
The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution.
Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw.
No other details about the security defect have been released to prevent further abuse, with Google acknowledging that "an exploit for CVE-2023-7024 exists in the wild."
The development marks the resolution of the eighth actively exploited zero-day in Chrome since the start of the year:
- CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4762 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
- CVE-2023-6345 (CVSS score: 9.6) – Integer overflow in Skia
A total of 26,447 vulnerabilities have been disclosed so far in 2023, surpassing the previous year by roughly 1,500 CVEs, according to data compiled by Qualys, with 115 flaws exploited by threat actors and ransomware groups.
Remote code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing flaws emerged as the top vulnerability types.
Users are recommended to upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
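For a fleet administrator, the practical follow-up to the advisory above is to find which endpoints still run a build older than the fixed one. The following Python script is an added example written for this page, not code from Google or The Hacker News: it compares installed Chrome version strings against the fixed builds named in the article (120.0.6099.129 for all three platforms, with Windows also shipping .130), and treats unparseable entries as unverified rather than as patched. The hostnames, the inventory rows and the `triage` function are constructed for illustration.

```python
# Added example (not from the article): check whether an installed Chrome
# version is at or above the build that fixes CVE-2023-7024.
# Minimum fixed versions per platform are taken from the article:
#   Windows: 120.0.6099.129 (builds .129 and .130 shipped), macOS/Linux: 120.0.6099.129.
from typing import List, Tuple

FIXED_VERSIONS = {
    "windows": "120.0.6099.129",
    "macos": "120.0.6099.129",
    "linux": "120.0.6099.129",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome version string into a comparable tuple of ints.

    Raises ValueError on empty or non-numeric components so that a malformed
    string is never silently treated as 'patched'.
    """
    parts = version.strip().split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, platform: str) -> bool:
    """True if the installed version is >= the fixed build for the platform.

    Shorter tuples are padded with zeros so '120.0.6099' compares sensibly.
    """
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    inst = parse_version(installed)
    fixed = parse_version(FIXED_VERSIONS[key])
    width = max(len(inst), len(fixed))
    inst += (0,) * (width - len(inst))
    fixed += (0,) * (width - len(fixed))
    return inst >= fixed


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Take (host, platform, version) rows, e.g. from an endpoint-management
    export, and return the hosts that still need the update.

    Hosts whose version cannot be parsed or whose platform is unknown are
    reported too: an unverifiable entry should not drop off the list.
    """
    needs_update = []
    for host, platform, version in inventory:
        try:
            if not is_patched(version, platform):
                needs_update.append(host)
        except ValueError:
            needs_update.append(host)
    return needs_update


# Constructed sample inventory (hypothetical hostnames and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "120.0.6099.130"),   # fixed Windows build
    ("ws-02", "windows", "120.0.6099.110"),   # older, needs update
    ("mac-01", "macos", "120.0.6099.129"),    # exactly the fixed build
    ("lx-01", "linux", "119.0.6045.199"),     # previous major version
    ("lx-02", "linux", "121.0.6167.85"),      # later version, already past the fix
    ("ws-03", "windows", "n/a"),              # unparseable, reported as unverified
]

if __name__ == "__main__":
    print("hosts still needing the update:", triage(SAMPLE_INVENTORY))
```

The script deliberately fails closed: a version string it cannot parse is listed alongside the out-of-date hosts, because an inventory gap is exactly where an unpatched browser hides.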
Some parts of this article are sourced from:
thehackernews.com