Google has issued emergency security updates to address an actively exploited vulnerability in its Chrome browser. This is the eighth documented zero-day flaw patched by Google since the beginning of the year.
Tracked as CVE-2023-7024, the vulnerability is described as a heap-based buffer overflow issue in WebRTC, which can be abused for remote code execution. To do this, an attacker needs to trick the victim into visiting a malicious web page.
As usual, Google is withholding technical details until a majority of users have updated with a fix.
“Google is aware that an exploit for CVE-2023-7024 exists in the wild,” the company noted, without sharing information on when and how the flaw was exploited.
Throughout the year, the tech giant addressed seven other Chrome zero-days:
- CVE-2023-2033 (April) - Type confusion in V8
- CVE-2023-2136 (April) - Integer overflow in Skia
- CVE-2023-4762 (May) - Type confusion in V8
- CVE-2023-3079 (June) - Type confusion in V8
- CVE-2023-4863 (September) - Heap buffer overflow in WebP
- CVE-2023-5217 (September) - Heap buffer overflow in vp8 encoding in libvpx
- CVE-2023-6345 (November) - Integer overflow in Skia