New Google Chrome Zero-Day Bug Actively Exploited in Wild

   June 7, 2023  Posted in CyberSecurityNews


Google released new security updates for actively exploited Chrome zero-day vulnerability exploit in the Wild, which allows attackers to execute an arbitrary code to take complete control of the system remotely.

Google released Chrome 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows, a new update that fixes its first actively exploited the zero-day vulnerability of the year.  Chrome is available for Windows, Mac, and Linux.

CSN

CVE-2023-3079, a high-severity zero-day vulnerability, was found and reported by Clément Lecigne of Google’s Threat Analysis Group.

“Google is aware that an exploit for CVE-2023-3079 exists in the wild,” This update includes 2 security fixes, Google says.

Chrome Zero-day Bug Details – CVE-2023-3079

All Chrome versions are vulnerable to the high-severity type Confusion vulnerability in the V8 Javascript engine, which lets attackers remotely exploit the flaw by running arbitrary code.

By reading or writing outside the buffer’s limits, this zero-day flaw causes browser crashes when it is successfully exploited.

Before this update, a type confusion in V8 in Google Chrome might have theoretically allowed a remote attacker to exploit heap corruption using a forged HTML page.

Attackers are particularly drawn to V8, the open-source Google JavaScript engine developed in C++ that powers Chrome and other Chromium-based browsers*.

Using one type, such as a pointer, object, or variable, to allocate or initialize a resource is possible when there is a type confusion vulnerability. However, it later uses a type incompatible with the original to access that resource.

CVE-2023-3079 vulnerability technical details will be available soon after most users get the patch.

” Access to bug details and links may be restricted until most users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed.” Google reports.

Update Now

Google strongly recommends users update their Chrome web browser immediately to prevent exploitation. To update the Chrome web browser, you have to follow a few simple steps that we have mentioned below:-  

Chrome Zero-Day Bug
  • First of all, go to the Settings option.
  • Then select About Chrome.
  • Now you must wait, as Chrome will automatically fetch and download the latest update.
  • Then wait for the latest version to be installed.
  • Once the installation process completes, now you have to restart Chrome.
  • That’s it. Now you are done.

Looking For an All-in-One Multi-OS Patch Management Platform – Try Patch Manager Plus



Source link