CVE-2023-7024: Zero-Day Vulnerability Threatens Chrome Web Browser


Google has issued emergency updates to address a critical Chrome zero-day vulnerability that had been exploited in the wild. The vulnerability, tracked as CVE-2023-7024, poses a significant risk to users and was discovered and reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG).

Google’s Threat Analysis Group (TAG) is a collective of security experts with a mission to protect Google’s customers from state-sponsored cyberattacks. These attacks often target high-risk individuals, including opposition politicians, dissidents, and journalists. TAG’s vigilant efforts led to the discovery of CVE-2023-7024, a high-severity zero-day vulnerability that posed a serious threat to web browsers.

CVE-2023-7024

The zero-day vulnerability, CVE-2023-7024, is rooted in a heap buffer overflow weakness within the open-source WebRTC framework. WebRTC is a critical component utilized by numerous web browsers, including Mozilla Firefox, Safari, and Microsoft Edge, to deliver Real-Time Communications (RTC) capabilities such as video streaming, file sharing, and VoIP telephony through JavaScript APIs. This widespread usage makes the vulnerability particularly concerning, as it could potentially impact a large number of users across various platforms.

One of the most alarming aspects of CVE-2023-7024 is that it had been actively exploited in the wild before its public disclosure. “In the wild” means that attackers were already using the vulnerability against real targets, not merely that it had been demonstrated in a lab. While Google is aware of these incidents, it has not disclosed specific details regarding the nature of the attacks or their targets.

In response to this critical threat, Google has released emergency updates to address CVE-2023-7024. Users are strongly urged to upgrade their Chrome browsers to version 120.0.6099.129 for macOS and Linux, as well as 120.0.6099.129/130 for Windows. Additionally, users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are advised to promptly apply any fixes made available by their respective vendors.
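For an administrator checking a fleet against the fixed builds named above, the following added example (not Google's code, and not part of the original article) compares reported Chrome version strings with the minimum fixed version for each platform. It assumes the version text comes from output such as `google-chrome --version`, and the inventory lines it processes are constructed sample data; because Windows shipped both 120.0.6099.129 and .130 with the fix, the Windows threshold is the lower of the two.

```python
"""Check whether reported Chrome version strings are at or above the
CVE-2023-7024 fixed builds (added example, not Google's own tooling)."""
import re
from typing import Dict, List, Optional, Tuple

# Minimum fixed versions from the advisory. Windows shipped .129 and .130;
# both contain the fix, so the threshold is the lower of the two.
FIXED_VERSIONS: Dict[str, Tuple[int, int, int, int]] = {
    "linux": (120, 0, 6099, 129),
    "mac": (120, 0, 6099, 129),
    "windows": (120, 0, 6099, 129),
}

# Chrome uses a four-part dotted version: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a four-part Chrome version from text such as
    'Google Chrome 120.0.6099.110' (assumed `--version` output format)."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def is_fixed(text: str, platform: str) -> Optional[bool]:
    """True if the version in `text` is at or above the fixed build for
    `platform`, False if it is older, None if no version could be parsed."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison orders numerically, component by component, so
    # 120.0.6099.130 > 120.0.6099.129 > 120.0.6099.110 as expected.
    return version >= FIXED_VERSIONS[platform.lower()]


# Constructed sample inventory: (hostname, platform, `--version` output).
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("ws-01", "linux", "Google Chrome 120.0.6099.110"),
    ("ws-02", "mac", "Google Chrome 120.0.6099.129"),
    ("ws-03", "windows", "Google Chrome 120.0.6099.130"),
    ("ws-04", "windows", "Google Chrome 119.0.6045.200"),
    ("ws-05", "linux", "command not found"),
]


def report(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each host to 'fixed', 'vulnerable', or 'unknown'."""
    status: Dict[str, str] = {}
    for host, platform, output in inventory:
        result = is_fixed(output, platform)
        if result is None:
            status[host] = "unknown"
        else:
            status[host] = "fixed" if result else "vulnerable"
    return status


if __name__ == "__main__":
    for host, state in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```

Hosts reported as "unknown" (no parseable version) deserve a manual look rather than being treated as patched; a missing or non-standard version line is exactly where an unmanaged or outdated install tends to hide.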