Zero-Day Vulnerability in Google Chrome & Chromium-based web browsers (CVE-2023-3079)

A zero-day arbitrary code execution vulnerability (CVE-2023-3079) was identified in Google Chrome & Chromium-based web browsers recently and actively exploited in the wild by unknown threat actors. The vulnerability could allow remote attacker to execute arbitrary code on computers running unpatched browser version. Users are urged to apply the latest patch immediately to mitigate any potential threats.

Vulnerability

Arbitrary Code Execution Vulnerability (CVE-2023-3079)
- Description:
  The vulnerability is caused by a type confusion within the V8 JavaScript engine in Google Chrome, which enables a remote attacker to exploit a heap corruption via a crafted HTML page. Successful exploitation of the vulnerability may result in arbitrary code execution.

Severity Level

High

Affected versions

Google Chrome prior to 114.0.5735.110 for Windows
Google Chrome prior to 114.0.5735.106 for MacOS and Linux
Chromium-based browsers, e.g. Microsoft Edge, prior to 114.0.1823.41

Remediation

Update Google Chrome and Chromium-based browsers to the latest version ASAP with the steps below:
- For Google Chrome:
  - Open the Google Chrome browser and click on the three-dot icon in the top-right corner of the window, then click Settings.
  - Click About Chrome on the left menu, it will launch update automatically, or click update manually.
  - Wait for the update to finish and click Relaunch.
- For Microsoft Edge:
  - Open the Microsoft Edge browser, click on the three-dot icon in the top-right corner of the window, then click on Help and Feedback.
  - Click on About Microsoft Edge, it will launch update automatically, or click update manually.
  - Wait for the update to finish and click Restart.
Recommended updates includes:
- 114.0.5735.110 for Windows
- 114.0.5735.106 for macOS and Linux
- 114.0.1823.41 for Chromium-based browsers, e.g. Microsoft Edge, etc.

Reference

Enquiry

ITSC Service Desk: http://servicedesk.itsc.cuhk.edu.hk

Published on: 8 Jun 2023

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.