[CVSS 9+] Vulnerabilities in Chrome

What Happened?

Google has rolled out emergency security updates to fix a zero-day vulnerability that has been actively exploited in attacks since the start of 2023.

Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto’s Munk School reported the issue to Google on September 6, 2023.

Impact

The flaw, tracked as CVE-2023-4863, is a critical heap buffer overflow that resides in the WebP image format. Its exploitation could lead to crashes and remote code execution.

WebP is a raster graphics file format that replaces JPEG, PNG, and GIF. Within Google Chrome, WebP images are decoded by the renderer, and therefore any exploit can gain renderer code execution.

Google’s Response

Google has acknowledged that an exploit for CVE-2023-4863 exists in the wild and released stable channel updates for desktop to address the issue on September 11, 2023.

The Stable and Extended stable channels have been updated to 116.0.5845.187 for Mac and Linux, and 116.0.5845.187/.188 for Windows.

Please see Chrome Release Updates for more information.

As usual, the company did not publicly share details of the attacks.

Earlier Zero-Day Flaws Impacted Chrome in 2023

This year, Google has addressed the following actively exploited zero-day flaws in Chrome:

  • CVE-2023-2033 (CVSS score: 8.8) – Type Confusion in V8
  • CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in the Skia graphics library
  • CVE-2023-3079 (CVSS score: 8.8) – Type Confusion in V8

Recommendation for Users

Users are advised to update their Chrome browser to the latest version to protect against this flaw.

Furthermore, it is recommended that users enable automatic updates to ensure that their browser is always equipped with the latest security patches to fix vulnerabilities like this one.
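To check a fleet against the fixed build listed above, the following is an added example (not from Google or from the original article) that parses Chrome version strings and flags anything older than 116.0.5845.187. The inventory rows, hostnames and function names are constructed for illustration.

```python
import re

# Fixed Stable/Extended stable build from the advisory above.
# The Windows .188 build compares as newer and therefore passes.
FIXED_BUILD = (116, 0, 5845, 187)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract the four-part build number from text such as
    'Google Chrome 116.0.5845.140'. Returns a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version_text):
    """True if the build is at or above the fixed build, False if older,
    None if no version could be parsed (treat as needing manual review)."""
    version = parse_chrome_version(version_text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 116.0.5845.96 sorts
    # below 116.0.5845.187; a plain string comparison would get this wrong.
    return version >= FIXED_BUILD


def audit(inventory):
    """Return (host, version_text, status) for each inventory row."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return [(host, text, labels[is_patched(text)]) for host, text in inventory]


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("mac-01", "Google Chrome 116.0.5845.187"),
    ("win-07", "Google Chrome 116.0.5845.188"),
    ("lnx-03", "Google Chrome 116.0.5845.96"),
    ("win-12", "Google Chrome 115.0.5790.171"),
    ("lnx-09", "Google Chrome 117.0.5938.62"),
    ("kiosk-2", "chrome: not found"),
]

if __name__ == "__main__":
    for host, text, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {status:10} {text}")
```

Hosts reported as "unknown" returned no parseable version and should be checked by hand rather than assumed patched.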

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.
