Google Chrome Zero-day Exploited in the Wild: Patch Now!
- Source: Zero-Day (cybersecuritynews.com)
Author: Guru
Google has released urgent updates to fix a high-severity Chrome zero-day vulnerability that has been widely exploited and could lead to software crashes or arbitrary code execution.
To address the actively exploited zero-day vulnerability, the stable channel will be updated to 120.0.6099.129 for Mac and Linux and 120.0.6099.129/130 for Windows. The update will roll out over the coming days and weeks.
Chrome Zero-day Bug Details - CVE-2023-7024
The CVE-2023-7024 vulnerability is described as a heap-based buffer overflow flaw in the WebRTC framework that might be exploited to cause software crashes or arbitrary code execution.
“Google is aware that an exploit for CVE-2023-7024 exists in the wild”, Google said.
The issue was found and reported by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG).
Yesterday @_clem1 and @vladhiewsha discovered and reported a new ITW 0-day to the Chrome team. TODAY, 1 day later, Chrome has a fix out to protect users!!! Thank you, Chrome! CVE-2023-7024 https://t.co/2tkx0Zc9pf
— Maddie Stone (@maddiestone) December 20, 2023
Google withheld information regarding the attacks that made use of the vulnerability in the wild.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”, Google reports.
With this update, Google has patched Chrome’s eighth actively exploited zero-day since the beginning of the year. The earlier ones are as follows:
- CVE-2023-2033 – Type Confusion in V8
- CVE-2023-2136 – Integer overflow in the Skia graphics library
- CVE-2023-3079 – Type Confusion in V8
- CVE-2023-4863 – Heap buffer overflow in WebP
- CVE-2023-5217 – Heap buffer overflow in vp8 encoding in libvpx
- CVE-2023-6345 – Integer overflow in Skia graphics library
- CVE-2023-4762 – Type Confusion in V8
Update Now
Google strongly recommends that users update their Chrome web browser immediately to prevent exploitation. To update Chrome, follow these steps:
- Go to the Settings option.
- Select About Chrome.
- Wait, as Chrome will automatically fetch and download the latest update.
- Then, wait for the latest version to be installed.
- Once the installation process completes, you have to restart Chrome.
- Now you are done.
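To confirm that the update actually landed across a fleet, reported Chrome versions can be checked against the fixed builds named above. The script below is an added example, not part of the original article; the inventory format, hostnames and function names are assumptions, and it assumes any build numerically at or above the fixed one carries the fix.

```python
import re

# Fixed stable-channel builds as stated in the article. Windows shipped as
# .129/.130, so .129 is the minimum patched build on every platform listed.
FIXED = {p: (120, 0, 6099, 129) for p in ("windows", "mac", "linux")}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of text such as
    'Google Chrome 120.0.6099.109'; return None when there is none."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one endpoint."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # missing or unparseable data is never assumed safe
    # Tuples compare numerically per component, so .129 > .71 here;
    # comparing the raw strings would rank "129" below "71".
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Group hostnames by status for (host, platform, version_text) rows."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return report


# Constructed sample inventory: hostnames and reported versions are made up.
SAMPLE = [
    ("ws-001", "Windows", "120.0.6099.130"),
    ("ws-002", "Windows", "120.0.6099.71"),
    ("mb-014", "mac", "Google Chrome 120.0.6099.129"),
    ("lx-007", "linux", "Google Chrome 119.0.6045.199"),
    ("lx-008", "linux", "121.0.6167.85"),
    ("ws-003", "Windows", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check rather than being counted as patched, and a downloaded update only takes effect after Chrome is restarted.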