[Zero-Day] Chrome Exploit Again: Update Required

Executive Summary

Google has responded to a high-severity zero-day vulnerability, CVE-2023-7024, in the Chrome web browser. This flaw, a heap-based buffer overflow in the WebRTC framework, poses a risk of program crashes and arbitrary code execution.

Google acknowledged that the vulnerability is actively exploited in the wild. This fix addresses the eighth actively exploited zero-day in Chrome for the year.

It is crucial for Chrome users to update their browsers immediately. Additionally, users of other Chromium-based browsers should prioritise updating as soon as the updates become available for those products.

About CVE-2023-7024

This zero-day vulnerability in Chrome is classified as high-severity. It involves a heap-based buffer overflow within the WebRTC framework. Please note that at the time of writing this article, it does not have a CVSS score yet.

Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) discovered and reported the vulnerability, withholding further details to prevent additional exploitation.

Google has patched the vulnerability in Chrome version 120.0.6099.129/130 for Windows and version 120.0.6099.129 for macOS and Linux.

Call for Action

Users are strongly advised to update their Chrome browsers to address the vulnerability and mitigate potential threats.

Please refer to the security advisory from Google for further information.

Additionally, users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, should apply the fixes promptly as they become available.
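To confirm that the update has actually landed across a fleet, installed versions can be compared against the fixed builds listed above. The following is an added example, not code from Google or from this article; the CSV columns, hostnames and sample version strings are constructed, and other Chromium-based browsers are only flagged for a vendor check because the article gives no fixed builds for them.

```python
import csv
import io

# Fixed Chrome builds stated in the article (Windows shipped as .129/.130).
FIXED = {"windows": (120, 0, 6099, 129),
         "macos": (120, 0, 6099, 129),
         "linux": (120, 0, 6099, 129)}

def parse_version(text):
    """Return a 4-part version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(os_name, browser, version):
    """Classify one inventory row against the fixed builds for CVE-2023-7024."""
    if browser.strip().lower() != "chrome":
        # The article gives no fixed builds for other Chromium-based browsers.
        return "check-vendor"
    fixed = FIXED.get(os_name.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # unrecognised platform or truncated version string
    return "patched" if parsed >= fixed else "vulnerable"

# Constructed sample inventory (hypothetical hosts and CSV columns).
SAMPLE = """host,os,browser,version
ws-01,Windows,Chrome,120.0.6099.130
ws-02,Windows,Chrome,120.0.6099.110
mac-01,macOS,Chrome,120.0.6099.129
lnx-01,Linux,Chrome,119.0.6045.199
ws-03,Windows,Edge,120.0.2210.77
lnx-02,Linux,Chrome,120.0.6099
"""

def audit(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["os"], r["browser"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as "unknown" need manual follow-up rather than being treated as patched, since a truncated version string cannot be compared reliably.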

Chrome Zero-Day Flaws in 2023

Among many other fixes, Google has addressed 8 zero-day vulnerabilities in Chrome throughout 2023. Please see below for the ones addressed earlier, listed in chronological order:

Let’s hope this will be the last zero-day of Chrome in 2023!

Continued vigilance and prompt updates are crucial in the ongoing effort to secure Chrome and Chromium-based browsers.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.