Google is urging Chrome users to apply a security update to their browsers as it pushes a fix for a zero-day vulnerability that has known exploits.
Update 114.0.5735.106 for Mac and Linux, or 114.0.5735.110 for Windows, has addressed CVE-2023-3079 which was reported to Google days before a patch was released to the public on June 5.
The vulnerability was given a high severity rating, hence the fast-paced approach to issuing a fix, though precise details remain under wraps as the company waits for more users to apply the fix (and protect themselves against hackers).
Update Google Chrome now
The CVE description reads: “Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.”
In its announcement, Google admitted that it is “aware that an exploit for CVE-2023-3079 exists in the wild,” thanking Clément Lecigne of the company’s Threat Analysis Group for reporting the vulnerability on June 1.
While Google is typically quick to respond to bugs, a lengthy delay can occur between a bug being reported and details about it being shared, because the company wants to ensure that consumers have applied the relevant fixes first.
The announcement reads: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”