Google Rushes to Patch Eighth Chrome Zero-Day This Year

December 21, 2023 at 05:51AM

Google released emergency patches for the eighth Chrome zero-day vulnerability this year. Tracked as CVE-2023-7024, it is a high-severity heap buffer overflow in the WebRTC component. The flaw is being actively exploited and was reported by Google’s Threat Analysis Group. The fix ships in Chrome 120.0.6099.129 for macOS and Linux, and 120.0.6099.129/130 for Windows.

Key takeaways:

– Google announced emergency patches for a Chrome vulnerability, CVE-2023-7024, which is being actively exploited.
– The vulnerability is described as a high-severity heap buffer overflow bug in Chrome’s WebRTC component.
– WebRTC is an open source project supported by major browser makers that provides real-time communication via APIs.
– An exploit for CVE-2023-7024 was in the wild, prompting Google to release emergency patches.
– The vulnerability was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG).
– This marks the eighth documented Chrome zero-day vulnerability in 2023.
– Google has released Chrome version 120.0.6099.129 for macOS and Linux, and versions 120.0.6099.129/130 for Windows.
– The Chrome Extended Stable channel has also been updated to version 120.0.6099.129 for macOS and 120.0.6099.130 for Windows.
