
Google Chrome Zero-day Exploited in the Wild: Patch Now!


Jun 04, 2025 · 2 min read

Google has released an urgent update to fix a high-severity Chrome zero-day vulnerability that has been widely exploited and could lead to software crashes or arbitrary code execution.

To address the actively exploited zero-day, the stable channel is being updated to 120.0.6099.129 for Mac and Linux and 120.0.6099.129/130 for Windows. The update will roll out over the coming days and weeks.

Chrome Zero-day Bug Details: CVE-2023-7024

CVE-2023-7024 is described as a heap-based buffer overflow flaw in the WebRTC framework that might be exploited to cause software crashes or arbitrary code execution.

“Google is aware that an exploit for CVE-2023-7024 exists in the wild”, Google said.

The issue was found and reported by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG).

💪🏼 Yesterday @_clem1 and @vladhiewsha discovered and reported a new ITW 0-day to the Chrome team. TODAY, 1 day later, Chrome has a fix out to protect users!!! Thank you, Chrome! CVE-2023-7024 https://t.co/2tkx0Zc9pf

— Maddie Stone (@maddiestone) December 20, 2023

Google withheld information regarding the attacks that made use of the vulnerability in the wild.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”, Google reports.

With the release of this update, Chrome’s eighth actively exploited zero-day since the beginning of the year has been patched. The earlier ones are as follows:

  1. CVE-2023-2033 – Type Confusion in V8

  2. CVE-2023-2136 – Integer overflow in the Skia graphics library

  3. CVE-2023-3079 – Type Confusion in V8

  4. CVE-2023-4863 – Heap buffer overflow in WebP

  5. CVE-2023-5217 – Heap buffer overflow in VP8 encoding in libvpx

  6. CVE-2023-6345 – Integer overflow in Skia graphics library

  7. CVE-2023-4762 – Type Confusion in V8

Update Now

Google strongly recommends that users update their Chrome web browser immediately to prevent exploitation. To update Chrome, follow these steps:

  • Go to the Settings option.

  • Select About Chrome.

  • Wait, as Chrome will automatically fetch and download the latest update.

  • Then, wait for the latest version to be installed.

  • Once the installation process completes, you have to restart Chrome.

  • Now you are done.

Source: CybersecurityNews.com
