Date: 2023-12-21

Google has released security updates for the Google Chrome web browser to address a high-severity zero-day vulnerability that has been exploited in the wild, to the detriment of the privacy and data security of various users.

What is the Google Chrome zero-day issue?

The vulnerability, tracked as CVE-2023-7024, has been described as a heap-based buffer overflow in the WebRTC framework that cyber criminals could exploit to cause program crashes or malicious code execution (as in the recent JaskaGo case, which, as if on purpose, was written in a programming language made by Google).

Clément Lecigne and Vlad Stolyarov of the Google Threat Analysis Group (TAG) were credited with discovering and reporting the flaw on December 19, 2023.

No other details about the security flaw have been released, to avoid further abuse, with Google saying it recognizes that “There is an exploitation for CVE-2023-7024 in the online environment”.

The development marks the resolution of the eighth actively exploited zero-day vulnerability in Google Chrome since the beginning of the year. The previous seven were:

CVE-2023-2033 (CVSS score: 8.8) – bugs in V8;

CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia;

CVE-2023-3079 (CVSS score: 8.8) – bugs in V8;

CVE-2023-4762 (CVSS score: 8.8) – again, bugs in V8;

CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP;

CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in VP8 encoding in libvpx;

CVE-2023-6345 (CVSS score: 9.6) – Integer overflow in Skia.

Overall, 26,447 vulnerabilities have been disclosed so far in 2023, exceeding the previous year by more than 1,500 CVEs, according to data compiled by Qualys, with 115 flaws exploited by cybercriminals and ransomware groups.

Remote code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing flaws emerged as the most common types of vulnerabilities.

Users are advised to update to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.

That's not all: Google Chrome's code is shared with other browsers, so users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to apply fixes as they become available.

What to do if the browser in question does not update

As a rule, Chrome should update automatically. If it does not, there are steps you can take, such as installing the program “over” the existing one from the official website.

Windows

On Windows it is more than enough to download the executable file (.exe) from the official Google Chrome website and simply follow what the installer says; there should be no problems with the installation. If some “daredevils” still use old versions of Windows (such as Windows 7), it should be noted that Chrome is no longer supported on Windows 7 and Windows 8, and users are encouraged to upgrade to newer Windows systems (if possible) or move to supported operating systems.

macOS

The process is similar to that of Windows, with the difference that you need to download the DMG file and follow the steps shown on screen; in the worst case, Google has a guide on the subject.

Linux

On Linux distributions such as those based on Debian and Ubuntu, there is nothing that the classic “sudo apt update” combined with “sudo apt upgrade” can't fix (“sudo pacman -Syu” on distributions based on Arch Linux). If you installed the browser through another system such as Flatpak, there is nothing that the “flatpak update” command can't fix.
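To confirm that the update actually landed on a Linux machine, the following added example (not part of the original article) compares the installed build against 120.0.6099.129, the fixed version named above. The binary names it probes, and the assumption that `--version` prints a four-part version number, are not from the article.

```sh
#!/bin/sh
# Fixed build the article gives for macOS and Linux.
FIXED="120.0.6099.129"

# extract_version: first dotted four-part number found in `--version` output.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_ge A B: succeed when A >= B, comparing each field numerically
# (a plain string comparison would rank 6099.13 above 6099.129).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# classify: map one line of `--version` output to patched / outdated / unknown.
# "outdated" means older than the fixed build named in the article.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_ge "$v" "$FIXED"; then
        echo patched
    else
        echo outdated
    fi
}

# Probe whichever of these binaries is installed (names are assumptions).
for bin in google-chrome google-chrome-stable chromium chromium-browser; do
    if command -v "$bin" >/dev/null 2>&1; then
        out=$("$bin" --version 2>/dev/null || true)
        printf '%s: %s (%s)\n' "$bin" "$(classify "$out")" "${out:-no output}"
    fi
done
```

Other Chromium-based browsers use their own version numbering, so this comparison applies only to Chrome and Chromium builds.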



Android and iOS

As a rule, those who use these mobile operating systems and do not have automatic updates activated simply need to update via the Google Play Store or the Apple Store. Those who use alternative stores, such as the Aurora Store on some custom Android ROMs, are better off going to the alternative store immediately to update the software.