Tuesday, March 19, 2024

Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update

Google has recently taken prompt security measures by releasing a security update for its Chrome web browser, aiming to fix the third zero-day vulnerability of this year that hackers have exploited.

The third Chrome zero-day vulnerability that was fixed recently by Google has been tracked as “CVE-2023-3079.”

Exploitation of Zero-day

Detailed information regarding the exploit and its application in attacks has not been disclosed by the company, with the focus limited to highlighting the severity of the flaw and its classification.

In the event of discovering a new security flaw, Google always follows its traditional protocol of not disclosing any technical information or data related to the flaw.

This action aims to ensure users’ protection until a significant portion of them have successfully migrated to the secure version. 

Not only that even this approach also restricts malicious actors from exploiting the disclosed information to create additional exploits.

Google’s researcher, Clément Lecigne, uncovered CVE-2023-3079 on June 1, 2023, marking it as a high-severity vulnerability.

This flaw resides in V8, Chrome’s JavaScript engine that is responsible for the interpretation and execution of code in the browser.

Type confusion bugs occur when the engine incorrectly identifies the object’s type at runtime, which can result in dangerous manipulation of memory and the execution of arbitrary code. 

These bugs pose a serious threat as they can enable malicious activities and compromise system security by exploiting the engine’s misinterpretation of object types.

Chrome Stable Channel Update

Sophisticated state-sponsored threat actors frequently exploit zero-day vulnerabilities, specifically targeting influential individuals in several critical organizations. 

So, to ensure the utmost security, it is highly advised that Chrome users promptly update their vulnerable version of Chrome.

Taking immediate action to update your browser will help safeguard against potential attacks and protect against potential risks.

Over the upcoming days/weeks, the 114.0.5735.106 update for Mac and Linux and the 114.0.5735.110 update for Windows will be gradually rolled out to the Stable and extended stable channels.

Update Chrome

Here below we have mentioned the simple steps to update your Chrome browser:-

  • Firstly you have to open the Chrome browser on your computer.
  • Then you have to open the browser window’s Chrome settings menu in the upper right corner (Three vertically aligned dots).
  • Now you have to click on the settings menu to open the drop-down menu.
  • Then select the “Help” option.
  • Now, in the “Help” submenu, click on “About Google Chrome”.
  • That’s it, now if an update is available, Chrome will automatically start downloading and installing it.
  • Once the update is finished, relaunch Google Chrome to ensure the latest version is applied.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Website

Latest articles

Hackers Exploiting Microsoft Office Templates to Execute Malicious Code

In a cyberattack campaign dubbed "PhantomBlu," hundreds of employees across various US-based organizations were...

How ANY.RUN Malware Sandbox Process IOCs for Threat Intelligence Lookup?

The database includes indicators of compromise (IOCs) and relationships between different artifacts observed within...

CryptoWire Ransomware Attacking Abuses Schedule Task To maintain Persistence

AhnLab security researchers detected a resurgence of CryptoWire, a ransomware strain originally prevalent in...

E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials

Tampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old...

WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

A new variant of the WhiteSnake Stealer, a formidable malware that has been updated...

Researchers Hacked AI Assistants Using ASCII Art

Large language models (LLMs) are vulnerable to attacks, leveraging their inability to recognize prompts...

Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

Microsoft has announced an important update for Windows users worldwide in a continuous effort...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles