Google Chrome Rolls out an Emergency Security Patch for a High Severity Zero-day vulnerability

Google has released an emergency security fix for a Zero-day vulnerability in the Chrome web browser. The vulnerability is in Chrome's V8 JavaScript engine, and Google released the fix on Monday (June 05, 2023). According to Google's advisory, an exploit for this flaw exists in the wild. This is the third Zero-day vulnerability addressed by Google since the start of the year. Google tracks this Zero-day vulnerability as CVE-2023-3079 and has assigned it a high severity rating. It is essential to have a vulnerability scanning tool to check for vulnerabilities from time to time. At the time of publication, there were no known PoCs available.

Chrome Zero-day Vulnerability CVE-2023-3079

This vulnerability affects Chrome’s V8 JavaScript engine. V8 is a free and open-source JavaScript and WebAssembly engine developed by the Chromium Project for the Chromium and Google Chrome web browsers. The vulnerability is a type-confusion flaw in the V8 JavaScript engine. A type confusion vulnerability arises when a program allocates a resource, such as an object or a variable, as one type and then accesses it as a different, incompatible type. Because the code that accesses the resource assumes a type that does not match the one allocated, the mismatch leads to this kind of vulnerability. Clément Lecigne of Google’s Threat Analysis Group reported this vulnerability on 2023-06-01.

In its advisory, Google stresses the severity of this flaw by stating:

“Google is aware that an exploit for CVE-2023-3079 exists in the wild.”

Products Affected by the Chrome Zero-day Vulnerability

Google Chrome versions before 114.0.5735.106 for Mac and Linux and before 114.0.5735.110 for Windows.
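A version check built from the thresholds above, as an added example that is not part of the original article or of any Google or SanerNow tooling. It classifies hosts from an inventory of (host, platform, version string) rows; the inventory layout, hostnames and sample versions are constructed assumptions.

```python
import re

# Fixed builds per platform, as stated in the advisory text above.
FIXED = {
    "windows": (114, 0, 5735, 110),
    "mac": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from a string such as
    'Google Chrome 114.0.5735.90'; return a tuple of ints or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or unparsable version: review by hand
    # Tuple comparison is numeric per component, so 114.0.5735.90 sorts below
    # 114.0.5735.106 (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each hostname to its status; rows are (host, platform, version)."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "114.0.5735.106"),  # below the Windows fix (.110)
    ("ws-002", "Windows", "114.0.5735.110"),
    ("mac-001", "Mac", "Google Chrome 114.0.5735.106"),
    ("lnx-001", "Linux", "Google Chrome 114.0.5735.90 "),
    ("lnx-002", "Linux", "115.0.5790.98"),
    ("kiosk-01", "ChromeOS", "114.0.5735.106"),  # platform not covered by the table
    ("lnx-003", "Linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as unknown are deliberately not counted as patched, so an unparsable version string never hides an exposed browser.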

Impact

Type confusion in the V8 JavaScript Engine of Google Chrome could allow a remote attacker to exploit heap corruption via a crafted HTML page, leading to arbitrary code execution.

Solution 

Google has rolled out security updates addressing the issue in Google Chrome version 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows. SanerNow detects these vulnerabilities and automatically fixes them by applying the security updates. Use SanerNow to keep your systems updated and secure. We strongly recommend applying the security updates as soon as possible, following the instructions published in our support article.