Chrome’s third exploited zero-day this year has also been fixed

Google is urging Chrome users to apply a security update to their browsers as it pushes a fix for a zero-day vulnerability that has known exploits.

Update 114.0.5735.106 for Mac and Linux, or 114.0.5735.110 for Windows, has addressed CVE-2023-3079 which was reported to Google days before a patch was released to the public on June 5.

The vulnerability was given a high severity rating, hence the fast-paced approach to issuing a fix, though precise details remain under wraps as the company waits for more users to apply the fix (and protect themselves against hackers).

Update Google Chrome now

The CVE description reads: “Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.”

In its announcement, Google admitted that it is “aware that an exploit for CVE-2023-3079 exists in the wild,” thanking Clément Lecigne of the company’s Threat Analysis Group for reporting the vulnerability on June 1.

This isn’t the first time Google has had issues with the V8 JavaScript engine, with the browser’s first zero-day of 2023 also attributable to that. Its second zero-day saw a C++ 2D graphics library issue rectified.

While Google is typically quick to respond to bugs, a lengthy delay can occur between a bug being reported and details about it being shared, because the company wants to ensure that consumers have applied the relevant fixes first.

The announcement reads: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

Like this post? Please share to your friends: