Google is releasing another fix for a zero-day vulnerability. The news marks the third time this year that hackers have exploited such vulnerabilities within the popular browser, raising concerns about its susceptibility to targeted attacks. Google acknowledged the existence of an exploit for CVE-2023-3079 in a recent security bulletin, urging users to exercise caution.
While specifics regarding the exploit and the attacks remain undisclosed, Google’s decision to withhold technical details aligns with their customary approach to such issues. The reasoning is simple: they intend to protect users from harm until a significant number have transitioned to the secure version. By limiting information, adversaries are hindered from exploiting the vulnerability further.
Google researcher Clément Lecigne discovered CVE-2023-3079 on June 1, 2023
The high-severity vulnerability stems from a type confusion in V8, Chrome’s JavaScript engine responsible for executing code within the browser. Such bugs arise when the engine misinterprets an object’s type during runtime, potentially allowing memory manipulation and arbitrary code execution.
Google previously addressed CVE-2023-2033, another type confusion bug within the V8 JavaScript engine. Shortly after, an emergency security update rectified CVE-2023-2136, an actively exploited flaw in the browser’s 2D graphics library, Skia.
Zero-day vulnerabilities often become targets for sophisticated threat actors. It includes those linked to state-sponsored activities, primarily aimed at high-profile individuals in government, the media, or critical organizations.
Update now to avoid issues
In addition to tackling the zero-day vulnerability, the latest Chrome version addresses issues identified during internal audits and code fuzzing analyses. The update will be gradually rolled out over the coming days and weeks, ensuring a meticulous distribution process.
To manually initiate the Chrome update, users can access the settings menu (located in the upper right corner) and select Help, followed by About Google Chrome. Relaunching the application is necessary to finalize the update.
Alternatively, security updates are automatically installed upon the browser’s next launch, negating the need for user intervention. Users should check the “About” page to confirm they are running the latest version.
Also read: ‘Google releases emergency fix for zero-day Chrome vulnerability’
33 minutes ago
