Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now


Sep 12, 2023 | THN | Browser Security / Zero Day


Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild.

Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash.

Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto's Munk School have been credited with discovering and reporting the flaw on September 6, 2023.

The tech giant has yet to disclose additional details about the nature of the exploit, but noted that it's "aware that an exploit for CVE-2023-4863 exists in the wild."


With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year -

The development comes the same day Apple expanded fixes to remediate CVE-2023-41064 for the below devices and operating systems -

CVE-2023-41064 relates to a buffer overflow issue in the Image I/O component that could lead to arbitrary code execution when processing a maliciously crafted image.


According to the Citizen Lab, CVE-2023-41064 is said to have been used in conjunction with CVE-2023-41061, a validation issue in Wallet, as part of a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully-patched iPhones running iOS 16.6.

The fact that both CVE-2023-41064 and CVE-2023-4863 hinge around image processing and that the latter has been reported by Apple and the Citizen Lab suggests there could be a potential connection between the two.

Users are recommended to upgrade to Chrome version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
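
A fleet check built on the fixed builds named above, as an added example that is not from the original article: it classifies constructed inventory strings (assumed to be in `<product> <version>` form) against Chrome 116.0.5845.187. Other Chromium-based browsers are set aside rather than compared, since their vendors use their own build numbers and the article gives no fixed versions for them.

```python
import re

# Lowest fixed build stated in the article (Windows also shipped .188).
FIXED_CHROME = (116, 0, 5845, 187)

# Constructed sample inventory: (host, reported browser version string).
# Hostnames and the non-Chrome version are made up for illustration.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 116.0.5845.188"),
    ("ws-002", "Google Chrome 116.0.5845.141"),
    ("mac-014", "Google Chrome 116.0.5845.187"),
    ("lnx-203", "Google Chrome 115.0.5790.170"),
    ("ws-077", "Microsoft Edge 116.0.1111.11"),
    ("lnx-310", "Google Chrome unknown"),
]

# Product name followed by a four-part dotted version.
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+(?:\.\d+){3})\b")


def classify(version_string):
    """Return 'patched', 'vulnerable', 'other-vendor' or 'unparsed'."""
    match = VERSION_RE.match(version_string.strip())
    if not match:
        # Never treat an unreadable version as safe; send it for manual review.
        return "unparsed"
    if match.group("product") != "Google Chrome":
        # Comparing another vendor's build number to Chrome's would mislead.
        return "other-vendor"
    # Compare numerically: as strings, "99" would sort after "187".
    version = tuple(int(part) for part in match.group("ver").split("."))
    return "patched" if version >= FIXED_CHROME else "vulnerable"


def audit(inventory):
    """Group hostnames by classification."""
    report = {}
    for host, version_string in inventory:
        report.setdefault(classify(version_string), []).append(host)
    return report


if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```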

