Google has released a security update for its Chrome web browser to address a high-severity zero-day flaw that is reportedly being exploited in the wild.
The vulnerability, tracked as CVE-2023-7024, is described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to cause a program crash or arbitrary code execution.
Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) are credited with discovering and reporting the flaw.
Google says other details about the security flaw are not being made public to prevent further exploitation, while acknowledging that “An exploit for CVE-2023-7024 actually exists.”
This development marks the resolution of the eighth actively exploited zero-day in Chrome this year.
A total of 26,447 vulnerabilities have been disclosed so far in 2023, over 1,500 more CVEs than the previous year, according to data collected by Qualys, with 115 flaws exploited by threat actors and ransomware groups.
The top vulnerability types were remote code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing flaws.
To mitigate potential threats, we recommend upgrading to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply the fix as soon as it becomes available.
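To check an endpoint inventory against the fixed builds named above, the following added example (not part of the original article) compares Google Chrome version strings numerically, since a plain string comparison would wrongly rank a build ending in .99 above .129. The host names, inventory records and function names are constructed for illustration, and the check covers Google Chrome only because the article gives no fixed versions for other Chromium-based browsers.

```python
import re

# Minimum fixed builds as stated in the article. Windows shipped as
# 120.0.6099.129/130, so .129 is the lowest patched build on every platform.
FIXED = {
    "windows": (120, 0, 6099, 129),
    "macos": (120, 0, 6099, 129),
    "linux": (120, 0, 6099, 129),
}

# Four dot-separated integers, not embedded in a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 120.0.6099.129'."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(os_name, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unsupported platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, unlike string comparison.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: (host, operating system, reported version string).
INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 120.0.6099.130"),
    ("ws-02", "Windows", "120.0.6099.128"),
    ("mac-01", "macOS", "Google Chrome 120.0.6099.129"),
    ("lin-01", "Linux", "Google Chrome 120.0.6099.99 "),
    ("lin-02", "Linux", "Google Chrome 121.0.0.0"),
    ("ws-03", "Windows", "version unavailable"),
]


def report(inventory):
    """Map each host to its patch status."""
    return {host: classify(os_name, ver) for host, os_name, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unverified, not as patched.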