Urgent: New Zero-Day vulnerability in Chrome exploited in the wild


Google has rolled out security updates for the Chrome web browser to address a very serious zero-day flaw that has reportedly been exploited in the wild.

The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that can be exploited to result in application crashes or arbitrary code execution.

Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) are credited with discovering and reporting the flaw on December 19, 2023.

No other details about the security flaw have been released to prevent further abuse, with Google acknowledging that “an exploit for CVE-2023-7024 exists in the wild.”

Since WebRTC is an open-source project and is also supported by Mozilla Firefox and Apple Safari, it is currently unclear whether the flaw will have any impact beyond Chrome and Chromium-based browsers.

The development marks the fix for the eighth zero-day actively exploited in Chrome since the beginning of the year.

A total of 26,447 vulnerabilities have been disclosed so far in 2023, surpassing the previous year by more than 1,500 CVEs, according to data collected by Qualys, with 115 flaws exploited by threat actors and ransomware groups.

Remote code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing errors emerged as the top types of vulnerabilities.

Users are recommended to upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to apply the fixes as they become available.
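As an added example (not part of the original article), the following Python script checks an inventory of reported Chrome versions against the fixed builds named above. The host names and inventory rows are constructed, and other Chromium-based browsers are not covered because the article gives no fixed versions for them.

```python
import re

# Minimum fixed Chrome builds per platform, taken from the article text.
FIXED_BUILDS = {
    "windows": (120, 0, 6099, 129),
    "macos": (120, 0, 6099, 129),
    "linux": (120, 0, 6099, 129),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from strings like 'Google Chrome 120.0.6099.109'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def needs_update(platform, version_text):
    """True when the reported build is older than the fixed build for that platform."""
    fixed = FIXED_BUILDS[platform.lower()]
    # Compare as integer tuples: as strings, '120.0.6099.71' sorts after '120.0.6099.129'.
    return parse_version(version_text) < fixed


def audit(inventory):
    """Map each host to 'update required', 'fixed' or 'unknown'."""
    report = {}
    for host, platform, version_text in inventory:
        try:
            report[host] = "update required" if needs_update(platform, version_text) else "fixed"
        except (KeyError, ValueError):
            report[host] = "unknown"  # unsupported platform or unparsable version
    return report


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "120.0.6099.130"),
    ("ws-002", "Windows", "Google Chrome 120.0.6099.71"),
    ("mac-01", "macOS", "120.0.6099.129"),
    ("lin-01", "Linux", "Google Chrome 119.0.6045.199"),
    ("lin-02", "Linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being assumed fixed.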


