Google Addresses Zero-Day Vulnerability in Chrome with Urgent Security Updates | Review Space




WebRTC Framework at Risk: Heap-Based Buffer Overflow Exploited in the Wild

NEWS  Security  December 22, 2023  Reading time: 2 Minute(s)

Max (RS editor)


In a swift response to a critical security threat, Google has released urgent security updates for its Chrome web browser, aiming to rectify a zero-day vulnerability that has already been exploited in real-world scenarios. The identified vulnerability, officially labeled CVE-2023-7024, is characterized as a heap-based buffer overflow bug within the WebRTC framework. This flaw poses a substantial risk, potentially leading to program crashes or, even more concerning, the execution of arbitrary code.

The discovery and reporting of CVE-2023-7024 are credited to Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG), who brought attention to the flaw on December 19, 2023. The severity of the situation is underscored by Google's acknowledgment that an exploit for this vulnerability is actively being used in the wild.

Details surrounding the security defect remain intentionally scarce, a measure taken to prevent further exploitation. However, the gravity of the situation is heightened by the fact that WebRTC is not exclusive to Google Chrome; it is an open-source project also supported by Mozilla Firefox and Apple Safari. At present, it is unclear whether the vulnerability extends beyond Chrome and Chromium-based browsers.

The urgency of this security update is accentuated by the broader cybersecurity landscape in 2023. Qualys data reveals a staggering 26,447 vulnerabilities disclosed so far this year, surpassing the previous year by over 1,500 CVEs. Among these, 115 vulnerabilities have been actively exploited by threat actors and ransomware groups. Notable vulnerability types include remote code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing flaws.

To mitigate potential threats stemming from CVE-2023-7024, users are strongly advised to upgrade their Chrome browser to version 120.0.6099.129/130 on Windows and 120.0.6099.129 on macOS and Linux. Additionally, users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, should promptly apply the available fixes as they become accessible.
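
A fleet check against the fixed builds listed above, as an added example that is not part of the original article: it compares four-part Chrome versions numerically and reports other Chromium-based browsers as unknown, because the article gives no fixed builds for them. The function names, host names and inventory rows are constructed for illustration.

```python
import re

# Fixed Google Chrome builds for CVE-2023-7024, as listed in the article.
# Windows shipped 120.0.6099.129/130, so .129 is the minimum on every platform.
FIXED_CHROME = {
    "windows": (120, 0, 6099, 129),
    "macos": (120, 0, 6099, 129),
    "linux": (120, 0, 6099, 129),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part version out of text such as `chrome --version` output."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(browser, platform, version_text):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    fixed = FIXED_CHROME.get(platform.lower())
    # Edge, Brave, Opera and Vivaldi number their releases differently and the
    # article lists no fixed builds for them, so they are never guessed at.
    if version is None or fixed is None or browser.lower() != "chrome":
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "120.0.6099.13" above "120.0.6099.129".
    return "patched" if version >= fixed else "vulnerable"


def audit(rows):
    """Map each host to its status; rows are (host, browser, platform, text)."""
    return {host: assess(browser, plat, text) for host, browser, plat, text in rows}


# Constructed inventory rows (hypothetical hosts and version strings).
INVENTORY = [
    ("host-a", "Chrome", "windows", "Google Chrome 120.0.6099.130"),
    ("host-b", "Chrome", "linux", "Google Chrome 120.0.6099.109"),
    ("host-c", "Chrome", "macos", "Google Chrome 120.0.6099.13"),
    ("host-d", "Edge", "windows", "Microsoft Edge 120.0.0.0"),
    ("host-e", "Chrome", "linux", "no version reported"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual check against the vendor's own release notes rather than being treated as patched.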
