Zero-Day Vulnerability in Google Chrome & Chromium-based web browsers (CVE-2023-3079)

A zero-day arbitrary code execution vulnerability (CVE-2023-3079) was recently identified in Google Chrome & Chromium-based web browsers and has been actively exploited in the wild by unknown threat actors. The vulnerability could allow a remote attacker to execute arbitrary code on computers running an unpatched browser version. Users are urged to apply the latest patch immediately to mitigate any potential threats.

 

Vulnerability

  • Arbitrary Code Execution Vulnerability (CVE-2023-3079)
    • Description:
      The vulnerability is caused by a type confusion within the V8 JavaScript engine in Google Chrome, which enables a remote attacker to exploit a heap corruption via a crafted HTML page. Successful exploitation of the vulnerability may result in arbitrary code execution.

 

Severity Level

  • High

 

Affected versions

  • Google Chrome prior to 114.0.5735.110 for Windows
  • Google Chrome prior to 114.0.5735.106 for macOS and Linux
  • Chromium-based browsers, e.g. Microsoft Edge, prior to 114.0.1823.41

 

Remediation

  • Update Google Chrome and Chromium-based browsers to the latest version ASAP with the steps below:
    • For Google Chrome:
      • Open the Google Chrome browser and click on the three-dot icon in the top-right corner of the window, then click Settings.
      • Click About Chrome in the left menu. The update will start automatically; otherwise, click to update manually.
      • Wait for the update to finish and click Relaunch.
    • For Microsoft Edge:
      • Open the Microsoft Edge browser, click on the three-dot icon in the top-right corner of the window, then click on Help and Feedback.
      • Click on About Microsoft Edge. The update will start automatically; otherwise, click to update manually.
      • Wait for the update to finish and click Restart.
  • Recommended updates include:
    • 114.0.5735.110 for Windows
    • 114.0.5735.106 for macOS and Linux
    • 114.0.1823.41 for Chromium-based browsers, e.g. Microsoft Edge, etc.
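
To triage many machines against the version thresholds listed above, the following added example (not part of the original advisory) compares reported browser version strings numerically, since plain string comparison would rank 114.0.5735.90 above 114.0.5735.110. The inventory records, host names and the `assess`/`triage` helpers are constructed for illustration, and the Edge threshold is applied to Microsoft Edge only.

```python
import re

# Fixed versions taken from this advisory.
CHROME_FIXED = {
    "windows": (114, 0, 5735, 110),
    "macos": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
}
EDGE_FIXED = (114, 0, 1823, 41)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version from text like 'Google Chrome 114.0.5735.90'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def fixed_version(product, platform):
    """Return the first patched version for a product/platform, or None."""
    if product == "edge":
        return EDGE_FIXED
    if product == "chrome":
        return CHROME_FIXED.get(platform)
    return None

def assess(product, platform, version_text):
    """Classify one record as 'vulnerable', 'patched' or 'unknown'."""
    installed = parse_version(version_text)
    fixed = fixed_version(product, platform)
    if installed is None or fixed is None:
        return "unknown"  # unparseable output or unlisted product: check by hand
    # Tuple comparison is numeric per component, unlike string comparison.
    return "vulnerable" if installed < fixed else "patched"

# Constructed sample inventory: (host, product, platform, reported version string)
INVENTORY = [
    ("ws-001", "chrome", "windows", "Google Chrome 114.0.5735.90"),
    ("ws-002", "chrome", "windows", "Google Chrome 114.0.5735.110"),
    ("mac-01", "chrome", "macos", "Google Chrome 114.0.5735.106"),
    ("lnx-01", "chrome", "linux", "Google Chrome 113.0.5672.126"),
    ("ws-003", "edge", "windows", "Microsoft Edge 114.0.1823.37"),
    ("ws-004", "chrome", "windows", "version unavailable"),
]

def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(p, plat, v) for host, p, plat, v in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```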

 


Published on: 8 Jun 2023