Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild.

The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to cause program crashes or arbitrary code execution.

Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw.

No other details about the security defect have been released to prevent further abuse, with Google acknowledging that "an exploit for CVE-2023-7024 exists in the wild."

The development marks the resolution of the eighth actively exploited zero-day in Chrome since the start of the year –

A total of 26,447 vulnerabilities have been disclosed so far in 2023, surpassing the previous year by over 1,500 CVEs, according to data compiled by Qualys, with 115 flaws exploited by threat actors and ransomware groups.

Remote code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing flaws emerged as the top vulnerability types.

Users are recommended to upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
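One way to check a fleet against the fixed builds named above, as an added example that is not part of the original article. The inventory format, host names and the non-Chrome version string are constructed assumptions; only the Chrome build numbers come from the article.

```python
# Added example: audit a browser inventory against the fixed Chrome builds
# named in the article. All inventory rows are constructed sample data.

# Minimum fixed build per platform (from the article; Windows also ships .130).
FIXED_CHROME = {
    "windows": (120, 0, 6099, 129),
    "macos": (120, 0, 6099, 129),
    "linux": (120, 0, 6099, 129),
}

# Hypothetical CSV export: host,platform,browser,version (constructed).
SAMPLE_INVENTORY = """\
ws-001,windows,chrome,120.0.6099.130
ws-002,windows,chrome,120.0.6099.71
mac-014,macos,chrome,120.0.6099.129
lnx-203,linux,chrome,119.0.6045.199
ws-077,windows,edge,120.0.0.0
ws-090,windows,chrome,not-installed
"""

def parse_version(text):
    """Return a 4-part integer tuple, or None if not a Chrome-style version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, browser, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    if browser.lower() != "chrome":
        # The article gives no fixed versions for other Chromium-based browsers.
        return "unknown"
    fixed = FIXED_CHROME.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so ".71" sorts below ".129"
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "needs_update"

def audit(inventory_csv):
    """Map each host in the CSV text to its classification."""
    results = {}
    for line in inventory_csv.splitlines():
        if line.strip():
            host, platform, browser, version = [f.strip() for f in line.split(",")]
            results[host] = classify(platform, browser, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown` (other Chromium-based browsers, unparsable versions) need a manual check against the relevant vendor's advisory.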
