Google fixes 8th Chrome zero-day exploited in attacks this year

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year.

"Google is aware that an exploit for CVE-2023-7024 exists in the wild," a security advisory published Wednesday said.

The company fixed the zero-day bug for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows users (120.0.6099.129/130) and Mac and Linux users (120.0.6099.129) one day after being reported to Google.

The bug was discovered and reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG), a group of security experts whose primary goal is to defend Google customers from state-sponsored attacks.

Google's Threat Analysis Group (TAG) often discovers zero-day bugs exploited by government-sponsored threat actors in targeted attacks aiming to deploy spyware on the devices of high-risk individuals, including opposition politicians, dissidents, and journalists.

Even though the security update could take days or weeks to reach all users, according to Google, it was available immediately when BleepingComputer checked for updates earlier today.

Individuals who prefer not to update manually can rely on their web browser to automatically check for new updates and install them upon the next launch.

Eighth Chrome zero-day patched this year

The high-severity zero-day vulnerability (CVE-2023-7024) is due to a heap buffer overflow weakness in the open-source WebRTC framework that many other web browsers and mobile apps use to provide Real-Time Communications (RTC) capabilities via JavaScript APIs.

While Google knows that CVE-2023-7024 was exploited as a zero-day in the wild, it has yet to share further details regarding these incidents.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.

"We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

This aims to reduce the likelihood of threat actors developing their own CVE-2023-7024 exploits by preventing them from taking advantage of newly released technical information.

Previously, Google patched seven other zero-days exploited in attacks, tracked as CVE-2023-6345, CVE-2023-5217, CVE-2023-4863, CVE-2023-3079, CVE-2023-4762, CVE-2023-2136, and CVE-2023-2033.

Some of them, like CVE-2023-4762, were tagged as zero-day bugs used to deploy spyware weeks after the company released patches.