Google releases emergency security updates to fix Chrome zero-day

Google has released out-of-band security updates to address a zero-day vulnerability in its Chrome browser.

Tracked as CVE-2023-4863, the flaw has been described as a WebP heap-based overflow issue that can lead to remote code execution.

The internet giant has yet to share additional details about the nature of attacks the bug has been exploited in, apart from saying that it is “aware that an exploit for CVE-2023-4863 exists in the wild.”

The company credited Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto's Munk School for discovering and reporting the bug. This suggests that the Chrome exploit may be related to a recently disclosed cyberespionage campaign involving a zero-click iMessage exploit chain named BLASTPASS, which was used to deploy the infamous Pegasus spyware onto fully patched iPhones (running iOS 16.6) via PassKit attachments containing malicious images.

Chrome users are advised to upgrade their web browser to version 116.0.5845.187 (Mac and Linux) and 116.0.5845.187/.188 (Windows) as soon as possible.
