Google has rolled out security updates for the Chrome web browser to deal with a higher-severity zero-day flaw that it explained has been exploited in the wild.
The vulnerability, assigned the CVE identifier CVE-2023-7024, has been explained as a heap-centered buffer overflow bug in the WebRTC framework that could be exploited to outcome in software crashes or arbitrary code execution.
Clément Lecigne and Vlad Stolyarov of Google’s Danger Analysis Group (TAG) have been credited with discovering and reporting the flaw.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
No other particulars about the security defect have been released to reduce even more abuse, with Google acknowledging that “an exploit for CVE-2023-7024 exists in the wild.”
The improvement marks the resolution of the eighth actively exploited zero-day in Chrome because the start out of the 12 months –
- CVE-2023-2033 (CVSS rating: 8.8) – Sort confusion in V8
- CVE-2023-2136 (CVSS rating: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS rating: 8.8) – Form confusion in V8
- CVE-2023-4762 (CVSS score: 8.8) – Style confusion in V8
- CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS rating: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
- CVE-2023-6345 (CVSS score: 9.6) – Integer overflow in Skia
A total of 26,447 vulnerabilities have been disclosed so much in 2023, surpassing the past calendar year by above 1,500 CVEs, in accordance to details compiled by Qualys, with 115 flaws exploited by threat actors and ransomware groups.
Distant code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing flaws emerged as the major vulnerability types.
Customers are recommended to upgrade to Chrome model 120..6099.129/130 for Windows and 120..6099.129 for macOS and Linux to mitigate potential threats.
Customers of Chromium-based mostly browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to utilize the fixes as and when they come to be offered.
Identified this article exciting? Comply with us on Twitter and LinkedIn to examine more distinctive material we put up.
Some sections of this write-up are sourced from:
thehackernews.com
Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster