Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP

December 20, 2023 at 11:33PM

Google has released security updates for Chrome to fix a high-severity zero-day flaw in the WebRTC framework (CVE-2023-7024) that can lead to program crashes or code execution. This resolves the eighth actively exploited zero-day in Chrome. A total of 26,447 vulnerabilities were disclosed in 2023, surpassing the previous year. Users should upgrade to Chrome version 120.0.6099.129/130.

The key takeaways are:

1. Google has released security updates for the Chrome web browser to address a high-severity zero-day flaw, identified as CVE-2023-7024, which has been exploited in the wild.

2. The vulnerability is a heap-based buffer overflow bug in the WebRTC framework that could lead to program crashes or arbitrary code execution.

3. The flaw was discovered and reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group.

4. This marks the resolution of the eighth actively exploited zero-day in Chrome since the beginning of the year.

5. A total of 26,447 vulnerabilities have been disclosed in 2023, surpassing the previous year by over 1,500 CVEs, with 115 flaws exploited by threat actors and ransomware groups.

6. Users are advised to upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as they become available.
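
As an added example (not part of the original article), the following Python audit classifies browser inventory rows against the fixed Chrome build named above. The host names, sample rows and status labels are constructed for illustration; other Chromium-based browsers are only flagged for vendor follow-up because the article gives no fixed version for them.

```python
import re

# Fixed Chrome build named in the article. Windows may also report .130,
# which compares as newer than .129, so one threshold covers all platforms.
FIXED = (120, 0, 6099, 129)

# Chromium-based browsers the article lists; they use their own version
# numbering, so the Chrome threshold must not be applied to them.
OTHER_CHROMIUM = ("edge", "brave", "opera", "vivaldi")

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(host, product, version_text):
    """Return (host, status) for one inventory row."""
    name = product.lower()
    if any(b in name for b in OTHER_CHROMIUM):
        return host, "check-vendor-advisory"
    if "chrome" not in name:
        return host, "not-applicable"
    m = VERSION_RE.search(version_text)
    if not m:
        # Never treat an unreadable version as patched.
        return host, "unparsed"
    # Compare as integer tuples; string comparison would misorder "99" and "129".
    version = tuple(int(p) for p in m.groups())
    return host, "patched" if version >= FIXED else "vulnerable"


def audit(rows):
    """Map each host to its status."""
    return dict(classify(*row) for row in rows)


# Constructed sample inventory: (host, product, reported version string).
SAMPLE = [
    ("ws-01", "Google Chrome", "Google Chrome 120.0.6099.109"),
    ("ws-02", "Google Chrome", "120.0.6099.130"),
    ("mac-03", "Google Chrome", "Google Chrome 120.0.6099.129"),
    ("ws-04", "Microsoft Edge", "120.0.2210.77"),
    ("lnx-05", "Google Chrome", "version unknown"),
    ("ws-06", "Google Chrome", "119.0.6045.200"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as `unparsed` or `check-vendor-advisory` need manual follow-up rather than being counted as patched.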
