12 September 2023

Google releases emergency security updates to fix Chrome zero-day


Google has released out-of-band security updates to address a zero-day vulnerability in its Chrome browser.

Tracked as CVE-2023-4863, the flaw has been described as a WebP heap-based overflow issue that can lead to remote code execution.

The internet giant has yet to share additional details about the nature of attacks the bug has been exploited in, apart from saying that it is “aware that an exploit for CVE-2023-4863 exists in the wild.”

The company credited Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto's Munk School for discovering and reporting the bug. This suggests that the Chrome exploit may be related to a recently disclosed cyberespionage campaign involving a zero-click iMessage exploit chain named BLASTPASS, which was used to deploy the infamous Pegasus spyware onto fully patched iPhones (running iOS 16.6) via PassKit attachments containing malicious images.

Chrome users are advised to upgrade their web browser to version 116.0.5845.187 (Mac and Linux) or 116.0.5845.187/.188 (Windows) as soon as possible.
