Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability
Google on Monday released a security update to patch a high-level flaw in its Chrome web browser that it says is being actively exploited in the wild.
tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been entrusted with reporting the issue on June 1, 2023.
“Type obfuscation in V8 on Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit stack corruption via generated HTML pages,” according to to the National Vulnerability Database (NVD) NIST.
The tech giant, as usual, doesn’t reveal details on the nature of its attacks, but noted it “realizes that an exploit for CVE-2023-3079 exists in the wild.”
With the latest developments, Google has addressed a total of three actively exploited zero-days in Chrome since the start of the year –
Users are advised to upgrade to version 114.0.5735.110 for Windows and 114.0.5735.106 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to apply the fix when it becomes available.
