CVE-2023-7024: another 0-day in Chrome threatens the security of millions of web browser users

Please update as soon as possible before your data gets into the hands of hackers.

Yesterday, Google released a security update for its Chrome web browser to address a high-severity zero-day vulnerability that is reportedly already being exploited by attackers.

The vulnerability, designated CVE-2023-7024, is described as a heap buffer overflow error within the WebRTC framework. This vulnerability can lead to program crashes or arbitrary code execution.

Other details about the security flaw have not yet been disclosed to prevent further abuse. Google confirms that the exploit for CVE-2023-7024 already exists and is actively used in real attacks.

The bug is the eighth actively exploited "zero-day" vulnerability in Chrome since the beginning of the year. The previous ones include:
  1. CVE-2023-2033 (CVSS score: 8.8) - type confusion in V8;
  2. CVE-2023-2136 (CVSS score: 9.6) - integer overflow in Skia;
  3. CVE-2023-3079 (CVSS score: 8.8) - type confusion in V8;
  4. CVE-2023-4762 (CVSS score: 8.8) - type confusion in V8;
  5. CVE-2023-4863 (CVSS score: 8.8) - buffer overflow in WebP;
  6. CVE-2023-5217 (CVSS score: 8.8) - buffer overflow in vp8 encoding in libvpx;
  7. CVE-2023-6345 (CVSS score: 9.6) - integer overflow in Skia.

According to experts, the most common types of vulnerabilities in 2023 were: remote code execution, bypassing security mechanisms, buffer manipulation, privilege escalation, and errors in input validation and processing.

All Chrome users on any desktop platform are advised to check the browser version and update if an update is available. Version 120.0.6099.129 or later is considered safe at the moment.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, Vivaldi, and Yandex Browser will also need to apply the fixes as soon as they become available.
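
An added example, not part of the original post: a fleet check that compares reported Chrome version strings numerically against the 120.0.6099.129 threshold given above, since a plain string comparison ranks 120.0.6099.71 above it. The hostnames, inventory contents and function names are constructed for illustration, and the threshold applies to Chrome only (the post gives no fixed versions for other Chromium-based browsers).

```python
import re

# Fixed Chrome version as stated in the post above.
FIXED = (120, 0, 6099, 129)

# Chrome versions have four numeric components: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as the output of
    `google-chrome --version`; return None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True if at or above the fixed version, False if older,
    None if the string cannot be parsed (needs manual review)."""
    version = parse_version(text)
    if version is None:
        return None
    return version >= fixed  # tuple comparison is numeric per component


def audit(inventory):
    """Return (host, reported string, reason) for hosts needing attention."""
    findings = []
    for host, reported in sorted(inventory.items()):
        status = is_patched(reported)
        if status is None:
            findings.append((host, reported, "unparseable"))
        elif not status:
            findings.append((host, reported, "outdated"))
    return findings


# Constructed sample inventory (hostnames invented for illustration).
SAMPLE = {
    "ws-01": "Google Chrome 120.0.6099.129",
    "ws-02": "Google Chrome 120.0.6099.71",  # a string compare would pass this
    "ws-03": "Google Chrome 119.0.6045.199",
    "ws-04": "Google Chrome 121.0.6167.85",
    "ws-05": "",  # agent returned nothing
}

if __name__ == "__main__":
    for host, reported, reason in audit(SAMPLE):
        print(f"{host}: {reason} ({reported!r})")
```

Hosts reported as unparseable are listed rather than skipped, so a missing or malformed inventory record is not mistaken for a patched browser.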
 