
Google has released updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome.
According to the advisory, CVE-2023-7024 is a heap buffer overflow in WebRTC, reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19. Google is aware that an exploit for CVE-2023-7024 exists in the wild.
The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm.
The flaw has been addressed with the release of version 120.0.6099.129 for Mac and Linux, and 120.0.6099.129/130 for Windows, which will roll out over the coming days/weeks.
As usual, Google did not publish details about the attacks exploiting the flaw in the wild.
This vulnerability is also the eighth actively exploited zero-day in Chrome patched by Google since the start of the year.
Below is the list of actively exploited zero-day vulnerabilities in Chrome addressed by Google this year:
- CVE-2023-2033 – Type Confusion in V8
- CVE-2023-2136 – Integer overflow in the Skia graphics library
- CVE-2023-3079 – Type Confusion in V8
- CVE-2023-4863 – Heap buffer overflow in WebP
- CVE-2023-5217 – Heap buffer overflow in vp8 encoding in libvpx
- CVE-2023-6345 – Integer overflow in Skia graphics library
- CVE-2023-4762 – Type Confusion in V8