Google on Monday launched security updates to patch a large-severity flaw in its Chrome web browser that it stated is staying actively exploited in the wild.
Tracked as CVE-2023-3079, the vulnerability has been described as a style confusion bug in the V8 JavaScript motor. Clement Lecigne of Google’s Threat Investigation Team (TAG) has been credited with reporting the issue on June 1, 2023.
“Form confusion in V8 in Google Chrome prior to 114..5735.110 authorized a distant attacker to possibly exploit heap corruption by way of a crafted HTML site,” according to the NIST’s Countrywide Vulnerability Database (NVD).
The tech giant, as is usually the case, did not disclose facts of the character of the assaults, but observed it can be “aware that an exploit for CVE-2023-3079 exists in the wild.”
With the newest enhancement, Google has tackled a overall of three actively exploited zero-days in Chrome due to the fact the get started of the yr –
- CVE-2023-2033 (CVSS rating: 8.8) – Sort Confusion in V8
- CVE-2023-2136 (CVSS rating: 9.6) – Integer overflow in Skia
End users are proposed to update to edition 114..5735.110 for Windows and 114..5735.106 for macOS and Linux to mitigate possible threats. Buyers of Chromium-centered browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to use the fixes as and when they turn into obtainable.
Observed this report fascinating? Observe us on Twitter and LinkedIn to study much more exceptional information we put up.
Some parts of this article are sourced from:
thehackernews.com