GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY

Google has issued emergency updates to address yet another Chrome zero-day vulnerability that has been actively exploited in the wild. This marks the eighth zero-day vulnerability patched since the beginning of the year.

The vulnerability has been resolved in the latest release, version 120.0.6099.129 for Mac and Linux, and versions 120.0.6099.129/130 for Windows. The update will be gradually rolled out over the coming days/weeks.

The vulnerability is a heap buffer overflow in WebRTC. It was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on December 19, 2023, and was addressed within a day.

According to the advisory published by the IT giant, “CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on December 19, 2023.” Google acknowledges the existence of an exploit for CVE-2023-7024 in the wild.

The discovery of the issue by Google TAG suggests potential exploitation by a nation-state actor or a surveillance firm. Consistent with its practice, Google has refrained from disclosing specific details about the attacks exploiting the flaw in the wild.

The advisory further states, “Access to bug details and links may be restricted until a majority of users are updated with a fix. We will also maintain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.”

This is the eighth actively exploited Chrome zero-day that Google has addressed since the beginning of the year. The following is a list of actively exploited zero-day vulnerabilities in Chrome resolved by Google in the current year:

CVE-2023-6345 marks the sixth actively exploited zero-day vulnerability in Chrome addressed by Google this year. The previous ones are:

  1. CVE-2023-2033 – Type Confusion in V8
  2. CVE-2023-2136 – Integer overflow in the Skia graphics library
  3. CVE-2023-3079 – Type Confusion in V8
  4. CVE-2023-4863 – Heap buffer overflow in WebP
  5. CVE-2023-5217 – Heap buffer overflow in vp8 encoding in libvpx
  6. CVE-2023-6345 – Integer overflow in Skia graphics library
  7. CVE-2023-4762 – Type Confusion in V8


About the Author:

FirstHackersNews- Identifies Security
