Google fixes 8th zero-day bug in Chrome exploited in attacks this year


San Francisco, Dec 22 (IANS): Google has issued an emergency patch to address yet another Chrome zero-day vulnerability that has been exploited in the wild, making this the eighth patch issued since the beginning of the year.

"Google is aware that an exploit for CVE-2023-7024 exists in the wild," a security advisory wrote in a blogpost.

The tech giant fixed the zero-day flaw for users in the Stable Desktop channel, with patched versions rolling out globally to Windows users (120.0.6099.129/130) and Mac and Linux users (120.0.6099.129) one day after it was reported to Google.

The bug was discovered and reported by Clement Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG).

TAG is a group of security professionals whose primary goal is to protect Google customers against state-sponsored attacks, according to Bleeping Computer.

The high-severity zero-day vulnerability (CVE-2023-7024) is due to a heap buffer overflow weakness in the open-source WebRTC framework.

Several web browsers, including Mozilla Firefox, Safari, and Microsoft Edge, utilize JavaScript APIs to provide real-time Time Communications (RTC) capabilities (e.g., video streaming, file sharing, and VoIP telephony), the report explained.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. Meanwhile, Google is rolling out a new "AI support assistant" chatbot on some of its Help pages to provide users with product assistance.

When visiting the support pages for some Google products, users will encounter a "Hi, I'm a new Al support assistant. Chat with me to find answers and solve account issues" dialogue box in the bottom-right corner of your screen, reports 9to5Google.

 

 

  

Top Stories


Leave a Comment

Title: Google fixes 8th zero-day bug in Chrome exploited in attacks this year



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.