
Google Chrome Zero-Day Attack: Urgent Alert!


Overview: Google Chrome Under Active Attack Exploiting New Vulnerability

Google has released security updates to address seven security issues in its Chrome browser, including a zero-day vulnerability that has been actively exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-6345, is an integer overflow bug in Skia, an open-source 2D graphics library. The flaw was discovered and reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) on November 24, 2023. An exploit for CVE-2023-6345 exists in the wild, although Google has not shared additional information about the nature of attacks or the threat actors behind them.

The latest update brings the total number of zero-days addressed by Google in Chrome to seven since the start of 2023. The other six zero-days are:

  • CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
  • CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-4762 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
  • CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx

Users are advised to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

It is worth noting that Google released patches for a similar integer overflow flaw in the same component (CVE-2023-2136) in April 2023 that had also come under active exploitation as a zero-day, raising the possibility that CVE-2023-6345 could be a patch bypass for the former. CVE-2023-2136 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

In conclusion, Google has released security updates to fix seven security issues in its Chrome browser, including a zero-day vulnerability that has been actively exploited in the wild. Users are advised to upgrade to the latest version of Chrome to mitigate potential threats.


Frequently Asked Questions

How can users protect themselves from the latest Chrome zero-day vulnerability?

Users can protect themselves from the latest Chrome zero-day vulnerability by updating their Chrome browser to the latest version. Additionally, users should avoid clicking on suspicious links and downloading attachments from unknown sources.

What steps has Google taken to address the new zero-day exploit?

Google has released security updates to address the new zero-day exploit in Chrome. The updates fix the vulnerability and prevent attackers from exploiting it. Users are advised to update their browsers as soon as possible.

Are there any patches available for the recent Chrome zero-day security issue?

Yes, patches are available for the recent Chrome zero-day security issue. Google has released security updates that fix the vulnerability. Users should update their browsers to the latest version to protect themselves.

What are the potential risks associated with the Chrome zero-day vulnerability discovered in 2023?

The potential risks associated with the Chrome zero-day vulnerability discovered in 2023 include hackers gaining unauthorized access to sensitive data on the affected systems. Attackers can use the vulnerability to execute arbitrary code and take control of the system.

How can I check if my system has been compromised by the zero-day exploit in Chrome?

Users can check if their system has been compromised by the zero-day exploit in Chrome by looking for any suspicious activity, such as unauthorized access to files or unusual network traffic. Additionally, users can use antivirus software to scan their systems for any malicious files or code.

What should IT administrators do immediately upon discovering the active zero-day attack on Chrome?

IT administrators should immediately update all affected systems to the latest version of Chrome to prevent further exploitation of the vulnerability. Additionally, they should monitor the systems for any suspicious activity and take appropriate action if any is detected. They should also educate their users on safe browsing practices and the risks associated with clicking on suspicious links or downloading attachments from unknown sources.
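
The upgrade advice in the overview and the administrator guidance above both come down to finding installs below the fixed build. The following Python script is an added example, not part of the original article or any Google tooling; the inventory format, host names, and status labels are assumptions made for illustration.

```python
# Added example: audit a browser inventory against the fixed Chrome build.
FIXED_CHROME = (119, 0, 6045, 199)  # fixed build named in the article

# Constructed sample inventory: host, platform, browser, reported version.
INVENTORY = """\
ws-001,windows,chrome,119.0.6045.200
ws-002,windows,chrome,119.0.6045.160
mac-007,macos,chrome,119.0.6045.199
lnx-014,linux,chrome,119.0.6045.99
ws-020,windows,edge,119.0.2151.72
lnx-031,linux,chrome,unknown
ws-044,windows,chrome,120.0.6099.62
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(browser, version_text):
    """Classify one install as patched, vulnerable, unverified or vendor-check."""
    if browser.lower() != "chrome":
        # Assumption: other Chromium-based browsers number their builds
        # differently, so the Chrome threshold is not applied to them.
        return "vendor-check"
    version = parse_version(version_text)
    if version is None:
        return "unverified"
    # Tuples compare numerically; as strings, "...99" would outrank "...199".
    return "patched" if version >= FIXED_CHROME else "vulnerable"


def audit(inventory_text):
    """Map each status to its hosts; malformed rows count as unverified."""
    report = {}
    for line in filter(str.strip, inventory_text.splitlines()):
        fields = [f.strip() for f in line.split(",")]
        status = classify(fields[2], fields[3]) if len(fields) == 4 else "unverified"
        report.setdefault(status, []).append(fields[0])
    return report


if __name__ == "__main__":
    for status, hosts in sorted(audit(INVENTORY).items()):
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as `unverified` or `vendor-check` still need follow-up: the first group has no trustworthy version data, and the second depends on each browser vendor shipping its own fix.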
