Zero-day alert: Google issues patch for new Chrome vulnerability

Google has released a security update for its Chrome web browser to address the third zero-day vulnerability that hackers exploited this year.

“Google is aware that the CVE-2023-3079 exploit is out in the wild,” Google said in a blog post.

The company did not reveal details about the vulnerability and how it was used in the attacks, instead focusing on the severity and type of the flaw.

“Access to bug details and links may remain restricted until the majority of users have updated with a fix. We will also maintain the restriction if the bug resides in a third-party library that other projects similarly rely on, but has not yet been fixed,” the company said.

According to BleepingComputer, CVE-2023-3079 is a severe security vulnerability discovered on June 1, 2023 by Google researcher Clement Lecigne. It’s kind of confusing in V8, Chrome’s JavaScript engine is tasked with executing code within the browser.

Type confusion errors occur when the engine misinterprets an object’s type at runtime, which can lead to malicious memory manipulation and arbitrary code execution.

The first zero-day vulnerability that Google patched in Chrome this year was CVE-2023-2033, which is also a confusion bug in the V8 JavaScript engine.

In March, Google security teams discovered 18 zero-day vulnerabilities in Samsung Exynos chips used in various Android smartphones and wearables that could compromise those devices.

The head of Project Zero at Google, Tim Willis, said in a blog post that the four most serious of these vulnerabilities “allowed remote code execution from the Internet to the baseband.”

– Jans

shs/kvd