Google releases patch for another actively hacked Chrome flaw
Take action: Another urgent patch for all your Chromium-based browsers - Chrome, Brave, Opera, Edge. The update is very easy, and it reopens all closed browsers. Don't be lazy, apply the patch.
Google has issued urgent updates to address a new Chrome zero-day vulnerability, tracked as CVE-2023-7024 (CVSS score 9.8), which is actively being exploited. It involves a heap buffer overflow in the WebRTC framework used by several browsers, including Firefox, Safari, and Edge, for Real-Time Communications features. It's currently not clear if the flaw has any impact beyond Chrome and Chromium-based browsers.
Google has not shared specific details about the exploitation incidents. The company restricts access to detailed bug information to prevent further exploitation by threat actors.
The vulnerability was reported to Google and promptly addressed in the Stable Desktop channel for Chrome, with updates deployed for:
- Windows (versions 120.0.6099.129/130)
- Mac and Linux (version 120.0.6099.129).
The update is available for download. Google encourages setting up automatic browser updates for enhanced security.
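To check a fleet against the fixed builds listed above, the following added example (not from Google or the original article) classifies inventory rows by comparing version numbers field by field. It assumes Google Chrome on the Stable channel only, since the article gives no fixed versions for other Chromium-based browsers; the host names and the inventory format are constructed.

```python
import re

# Fixed Stable Desktop builds taken from the article. Windows shipped
# .129/.130, so .129 is the minimum patched build on every platform.
FIXED = {
    "windows": (120, 0, 6099, 129),
    "mac": (120, 0, 6099, 129),
    "linux": (120, 0, 6099, 129),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 120.0.6099.109'; return a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'unpatched' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unreadable version: review by hand
    # Compare as integer tuples: as plain strings, "71" sorts after "129".
    return "patched" if version >= fixed else "unpatched"


def audit(rows):
    """rows: iterable of (host, platform, version_text).
    Returns (host, status) for every host that is not confirmed patched."""
    results = [(host, classify(plat, ver)) for host, plat, ver in rows]
    return [(host, status) for host, status in results if status != "patched"]


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    ("ws-001", "windows", "Google Chrome 120.0.6099.130"),
    ("ws-002", "windows", "Google Chrome 120.0.6099.71"),
    ("mb-003", "mac", "Google Chrome 120.0.6099.129"),
    ("lx-004", "linux", "Google Chrome 119.0.6045.199"),
    ("lx-005", "linux", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Rows reported as `unknown` have no readable version or are on a platform the article does not list, so they need a manual check and should not be treated as safe.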
The discovery of the bug was credited to Clément Lecigne and Vlad Stolyarov from Google's Threat Analysis Group (TAG), a team dedicated to protecting users from state-sponsored cyber attacks.