Chrome Update Addresses New Zero-Day Exploit
"Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year."
- Google has not released details about how the exploit and how it was used in attacks, limiting the information to the severity of the flaw and its type.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," wrote the company.
- "CVE-2023-3079 has been assessed to be a high-severity issue and it was discovered by Google's researcher Clément Lecigne on June 1, 2023, and is a type confusion in V8, Chrome's JavaScript engine tasked with executing code within the browser."
- "Type confusion bugs arise when the engine misinterprets the type of an object during runtime, potentially leading to malicious memory manipulation and arbitrary code execution."
- "It is strongly recommended that all Chrome users install the available security update as soon as possible."