uTalk

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Google Releases a Fix for a New Chrome Vulnerability

Google announced security fixes on Monday to address a high-severity flaw in its Chrome web browser, which it claims is being actively exploited in the wild.
The vulnerability, identified as CVE-2023-3079, has been described as a type of misunderstanding flaw in the V8 JavaScript engine. On June 1, 2023, Clement Lecigne of Google's Threat Analysis Group (TAG) was credited with disclosing the bug.
"Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the National Vulnerability Database (NVD) of the National Institute of Standards and Technology.

The tech giant, as is typically the case, did not disclose details of the nature of the attacks, but noted it's "aware that an exploit for CVE-2023-3079 exists in the wild."

With the latest development, Google has addressed a total of three actively exploited zero-days in Chrome since the start of the year -

CVE-2023-2033 (CVSS score: 8.8) - Type Confusion in V8
CVE-2023-2136 (CVSS score: 9.6) - Integer overflow in Skia
Users are recommended to upgrade to version 114.0.5735.110 for Windows and 114.0.5735.106 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.