GOOGLE has issued a critical update to its Chrome browser after discovering a dangerous bug.
The vulnerability is tracked as CVE-2023-3079, Google explained in a blog post issued on June 5.
“Google is aware that an exploit for CVE-2023-3079 exists in the wild,” the tech giant writes.
Because the exploit was in the wild but not yet patched, it was classified as a “zero-day” vulnerability.
“Zero-day flaws are dangerous because they can be fully exploited by hackers and cybercriminals.
They often stem from unknown issues and are especially dangerous until coders fix the problem.
As such, Google quickly targeted the flaw and provided updates for versions 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows.
Google said the updates will “roll out in the coming days/weeks” for all Chrome users.
WHAT IS CVE-2023-3079?
CVE-2023-3079 is a “type confusion in V8 [JavaScript]” vulnerability, according to the National Vulnerability Database.
Type confusion flaws allow remote attackers to potentially exploit heap corruption via a crafted HTML page.
The NVD labeled the vulnerability “high” on its Chromium security severity chart.
Mike Walters, vice-president of vulnerability and threat research at risk-based patch management specialists Action, told Forbes that Type Confusion vulnerabilities “pose a significant risk.”
Walters added that they enable attackers to execute arbitrary code on devices “by exploiting weaknesses in memory object handling.”
HOW TO PROTECT YOUR DEVICE
To keep yourself protected from vulnerabilities it’s recommended that you always keep your software up to date.
To update your Chrome browser, open Google Chrome and then click the three dots (⋮) in the top-right corner.
Choose Help > About Google Chrome. If an update is available, click Check for updates. When the update is finished, click Relaunch.
To update on your Android device, open the Play Store app > at the top right, tap the profile icon.
Tap Manage Apps & Device > under Updates available, find Chrome > next to Chrome, tap Update.
