CVE-2023-3079: New Google Chrome 0-Day Vulnerability Being Exploited in the Wild
A high-severity zero-day flaw, which had been actively exploited in the wild, has hit Google Chrome – the world’s most popular internet browser. On Tuesday, Google swiftly pushed patches to contain the security vulnerability for desktop versions of the Chrome browser, confirming the seriousness of the risk.
The identified vulnerability, officially cataloged as CVE-2023-3079, raises alarm due to its potential misuse by threat actors. The issue stems from a “type confusion” in V8, the open-source JavaScript engine developed by Google for the Chrome web browser. Essentially, type confusion can cause the program to misinterpret the data type that it is processing, potentially leading to unpredictable and harmful behavior, including unauthorized system access or information disclosure.
While it’s a relief to have the flaw exposed, the fact that it was being actively exploited in the wild adds an ominous hue to this revelation. Actively exploited zero-day vulnerabilities are a top-tier threat in the cyber world, as they present real-world risks before developers have the opportunity to counteract them. “Google is aware that an exploit for CVE-2023-3079 exists in the wild,” Google explains.
The discovery of the flaw is credited to Clément Lecigne of Google’s Threat Analysis Group (TAG). TAG, an assembly of elite security researchers within Google, has been at the forefront of identifying and countering cyber threats. Lecigne, noted for his skills in cyber forensics, reported the flaw on June 1, 2023.
In response to this immediate threat, Google has released patches for Chrome on different platforms. Users are urged to update their Chrome browsers to version 114.0.5735.106 for macOS and Linux, and 114.0.5735.110 for Windows. It’s essential to prioritize this update to ensure your browsing remains as safe as possible.
Users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, should also heed this warning. Given the shared core code, these browsers may be susceptible to the same vulnerability. Consequently, users are strongly advised to apply patches as soon as they become available to guard against potential threats.
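For teams checking a fleet against the fixed versions above, the following is an added example (not code from Google or the original article) that triages a browser inventory. The inventory format, host names and sample versions are constructed assumptions; other Chromium-based browsers are reported as unknown because the article gives no fixed versions for them.

```python
import re

# Fixed Chrome versions stated in the article, per desktop platform.
FIXED = {
    "macos": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
    "windows": (114, 0, 5735, 110),
}

def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not a Chrome version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def assess(platform, browser, version):
    """Classify one inventory record as 'patched', 'vulnerable' or 'unknown'."""
    if browser.lower() != "chrome":
        return "unknown"  # no fixed version for other Chromium browsers on the page
    fixed = FIXED.get(platform.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"
    # Compare numerically: as strings, "114.0.5735.99" sorts after "114.0.5735.106".
    return "patched" if parsed >= fixed else "vulnerable"

def triage(inventory_csv):
    """Map host -> status for 'host,platform,browser,version' lines (assumed format)."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, platform, browser, version = [f.strip() for f in line.split(",")]
        results[host] = assess(platform, browser, version)
    return results

# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE = """
ws-01,windows,chrome,114.0.5735.106
ws-02,windows,chrome,114.0.5735.110
mac-01,macos,chrome,114.0.5735.106
lin-01,linux,chrome,114.0.5735.99
ws-03,windows,edge,114.0.1823.37
ws-04,windows,chrome,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Note that ws-01 is flagged as vulnerable: build .106 is the fixed release for macOS and Linux, but the Windows fix is .110.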