Google has rolled out safety updates for the Chrome internet browser to deal with a high-severity zero-day flaw that it stated has been exploited within the wild.
The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug within the WebRTC framework that may very well be exploited to end in program crashes or arbitrary code execution.
Clément Lecigne and Vlad Stolyarov of Google’s Menace Evaluation Group (TAG) have been credited with discovering and reporting the flaw on December 19, 2023.
No different particulars in regards to the safety defect have been launched to forestall additional abuse, with Google acknowledging that “an exploit for CVE-2023-7024 exists within the wild.”
Provided that WebRTC is an open-source challenge and that it is also supported by Mozilla Firefox and Apple Safari, it is at present not clear if the flaw has any impression past Chrome and Chromium-based browsers.
The event marks the decision of the eighth actively exploited zero-day in Chrome for the reason that begin of the 12 months –
A complete of 26,447 vulnerabilities have been disclosed thus far in 2023, surpassing the earlier 12 months by over 1,500 CVEs, in accordance with information compiled by Qualys, with 115 flaws exploited by menace actors and ransomware teams.
Distant code execution, safety characteristic bypass, buffer manipulation, privilege escalation, and enter validation and parsing flaws emerged as the highest vulnerability varieties.
Customers are advisable to improve to Chrome model 120.0.6099.129/130 for Home windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.
Customers of Chromium-based browsers comparable to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they turn out to be obtainable.
