December 20, 2023 at 04:44PM
Google has released emergency updates to address the eighth Chrome zero-day vulnerability of the year, CVE-2023-7024, which was exploited in targeted attacks. The bug, discovered by Google’s Threat Analysis Group, is a high-severity heap buffer overflow in the open-source WebRTC framework. Google is limiting access to bug details to thwart potential exploits.
Summary:
– Google released emergency updates to fix the eighth zero-day vulnerability in Chrome this year.
– The vulnerability, CVE-2023-7024, was discovered by the Threat Analysis Group and was exploited in the wild.
– The high-severity zero-day is a heap buffer overflow in the open-source WebRTC framework.
– Google is cautious about sharing the bug details until a majority of users have updated to a fixed version, to prevent threat actors from taking advantage of the information.
– This is the eighth Chrome zero-day vulnerability patched this year, with previous vulnerabilities including CVE-2023-6345, CVE-2023-5217, CVE-2023-4863, CVE-2023-3079, CVE-2023-4762, CVE-2023-2136, and CVE-2023-2033. Some of these were also used to deploy spyware.