Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!
Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild.
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
The tech giant, as is typically the case, did not disclose details of the nature of the attacks, but noted it's aware that an exploit for CVE-2023-3079 exists in the wild.
With the latest development, Google has addressed a total of three actively exploited zero-days in Chrome since the start of the year.
CVE-2023-2033 (CVSS score: 8.8) - Type Confusion in V8
CVE-2023-2136 (CVSS score: 9.6) - Integer overflow in Skia
Users are recommended to upgrade to version 114.0.5735.110 for Windows and 114.0.5735.106 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.