Google released security updates on Monday to address a high-severity vulnerability in its Chrome web browser, which the company claims is being actively exploited in the open.
The vulnerability, identified as CVE-2023-3079, is a type of confusion flaw in the V8 JavaScript engine. On June 1, 2023, Clement Lecigne of Google’s Threat Analysis Group (TAG) is attributed with reporting the issue.
“Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a specially crafted HTML page,” according to the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST).
As is customary, the tech behemoth did not disclose the nature of the assaults but did note that it is “aware that an exploit for CVE-2023-3079 exists in the wild.”
With the most recent update, Google has addressed three actively exploited zero-day vulnerabilities in Chrome since the beginning of the year.
CVE-2023-2033 (CVSS score: 8.8) – Type Confusion vulnerability in V8 CVE-2023-2136 (9.6 CVSS score) – Integer overrun in Skia
Users are advised to upgrade to version 114.0.5735.110 for Windows and version 114.0.5735.106 for macOS and Linux in order to prevent potential security risks. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also implement the updates as soon as they become available.
Must Read:
Second Zero-Day Attack on Google Chrome – Urgent Patch Released
