Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. The Flashpoint Intel Team quickly published an alert to VulnDB customers and have been closely tracking the vulnerability since.Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. The Flashpoint Intel Team quickly published an alert to VulnDB customers and have been closely tracking the vulnerability since.
Google fixes new zero-day vulnerability
Google has be informed for the existence of one exploit for vulnerability CVE-2023-3079 in Chrome.
To start the process of manually updating Chrome to the latest version that addresses the actively exploited security issue, go to Chrome’s settings menu (upper right corner) and select Help → About Google Chrome.
Otherwise, updates are installed as soon as you restart the browser. This makes it easier for users to keep their apps up-to-date without having to intervene manually. Restarting your app is necessary to complete the update process.
Interestingly, none of the three zero-day vulnerabilities reported in Google Chrome this year have been within the core browser but rather in libraries that it relies upon. One of the two previously reported zero-days also affected V8, CVE-2023-2033, while the other was reported in the Skia 2D graphic library, CVE-2023-2136.
As for Chrome, the program will nudge you to patch by showing an “update” button in the upper-right corner of the browser when the new version becomes available.
Google Chrome fixes are available in version 114.0.5735.106 for Mac and Linux and version 114.0.5735.110 for Windows.