Google Patches Actively Exploited Chrome Flaw

  • Google has released a security update to patch a high-severity flaw, CVE-2023-3079, in Chrome, which is currently being exploited in the wild.
  • Users of Chrome and Chromium-based browsers are strongly recommended to update to the latest versions to protect against this actively exploited vulnerability.

Google issued security updates on Monday to address a high-severity vulnerability in its Chrome web browser that is currently being exploited in the wild.

Identified as CVE-2023-3079, the flaw has been characterized as a type confusion bug in the V8 JavaScript engine. The bug was reported by Clement Lecigne from Google’s Threat Analysis Group (TAG) on June 1, 2023.

“Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” NIST’s National Vulnerability Database (NVD) reports.

As is customary, Google has not disclosed specifics about the nature of the attacks but has confirmed that it is “aware that an exploit for CVE-2023-3079 exists in the wild.”

CVE-2023-3079 is the third zero-day vulnerability that Google has resolved in Chrome since the beginning of the year, after CVE-2023-2033 (CVSS score: 8.8), a type confusion in V8, and CVE-2023-2136 (CVSS score: 9.6), an integer overflow in Skia.

To mitigate potential threats, users are urged to upgrade to version 114.0.5735.110 for Windows and 114.0.5735.106 for macOS and Linux. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply the updates once they are available.

Users are urged to update their browsers as soon as possible to protect themselves from this vulnerability. To update Chrome, open the Chrome menu and select “Help” > “About Google Chrome.” Chrome will automatically check for updates and install them if necessary.
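For administrators checking many machines rather than one, the following Python sketch (an added example, not from Google or the original article) compares reported Chrome versions against the per-platform fixed versions named above. The host names, inventory rows and function names are constructed for illustration.

```python
import re

# Fixed Chrome versions as stated in the article, keyed by platform.
FIXED = {
    "windows": (114, 0, 5735, 110),
    "macos": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version tuple from text such as 'Google Chrome 114.0.5735.90'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, browser, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    # Other Chromium-based browsers use their own version numbers, and the
    # article gives no fixed versions for them, so they are never guessed at.
    if browser.lower() != "chrome" or fixed is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank '114.0.5735.90' above '114.0.5735.110'.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: (host, platform, browser, reported version).
INVENTORY = [
    ("ws-01", "windows", "chrome", "Google Chrome 114.0.5735.110"),
    ("ws-02", "windows", "chrome", "Google Chrome 114.0.5735.106"),
    ("mac-01", "macos", "chrome", "Google Chrome 114.0.5735.106"),
    ("lnx-01", "linux", "chrome", "Google Chrome 114.0.5735.90"),
    ("ws-03", "windows", "edge", "Microsoft Edge 114.0.0.1"),
    ("lnx-02", "linux", "chrome", "version string missing"),
]


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(p, b, v) for host, p, b, v in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as "unknown" need a manual check against the relevant vendor's own advisory.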

About CVE-2023-3079

Here are some additional details about the vulnerability:

  • The vulnerability is caused by a bug in the way that V8 handles type casting.
  • The vulnerability can be exploited by tricking a victim into visiting a malicious website that contains specially crafted JavaScript code.
  • The malicious JavaScript code can then be used to execute arbitrary code on the victim’s computer.
  • The vulnerability has been assigned a severity rating of “High” by the Common Vulnerabilities and Exposures (CVE) project.