Google Patches New Chrome Bug Exploited by Hackers in the Wild
Threat actors are said to be exploiting a new zero-day flaw in Chrome, the world’s most popular web browser, used as the default by 2.6 billion people. Google has issued an emergency fix.
Rated as high severity, the vulnerability in question is described as a type confusion issue in V8, Google’s open-source JavaScript and WebAssembly engine. It affects all desktop iterations of Chrome (Windows, Mac, Linux).
Since Android releases typically contain the same security fixes as their corresponding desktop releases (unless otherwise noted by Google), the bug also likely affects the Android version of Chrome.
The fix is available in Chrome 114.0.5735.106 for Mac and Linux and Chrome 114.0.5735.110 for Windows. The Android fix is available in Chrome 114.0.5735.60/.61, according to a separate advisory. On iOS, an updated Chrome 114 (114.0.5735.99) is available as of June 1, delivering a number of new features as well as the customary “stability and performance improvements.”
This nasty flaw was reported by one of Google’s own researchers, Clément Lecigne of the company’s Threat Analysis Group. The issue is now tracked as CVE-2023-3079 in the infosec community.
More importantly, the advisory accompanying this release states that “Google is aware that an exploit for CVE-2023-3079 exists in the wild.” That means threat actors are likely targeting users who have not yet patched their Chrome browser.
This is the third zero-day flaw discovered in Chrome this year.
Bitdefender recommends that users deploy the latest Chrome version available for their device as soon as possible.