Google has rolled out safety updates for the Chrome internet browser to deal with a high-severity zero-day flaw that it stated has been exploited within the wild.
The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug within the WebRTC framework that might be exploited to end in program crashes or arbitrary code execution.
Clément Lecigne and Vlad Stolyarov of Google’s Menace Evaluation Group (TAG) have been credited with discovering and reporting the flaw on December 19, 2023.
No different particulars concerning the safety defect have been launched to forestall additional abuse, with Google acknowledging that “an exploit for CVE-2023-7024 exists within the wild.”
On condition that WebRTC is an open-source challenge and that it is also supported by Mozilla Firefox and Apple Safari, it is at present not clear if the flaw has any impression past Chrome and Chromium-based browsers.
The event marks the decision of the eighth actively exploited zero-day in Chrome for the reason that begin of the yr –
A complete of 26,447 vulnerabilities have been disclosed up to now in 2023, surpassing the earlier yr by over 1,500 CVEs, in keeping with knowledge compiled by Qualys, with 115 flaws exploited by risk actors and ransomware teams.
Distant code execution, safety characteristic bypass, buffer manipulation, privilege escalation, and enter validation and parsing flaws emerged as the highest vulnerability varieties.
Customers are beneficial to improve to Chrome model 120.0.6099.129/130 for Home windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.
Customers of Chromium-based browsers similar to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and after they grow to be out there.
