Governance & Risk Management , Patch Management

Google Flags 8th Chrome Zero-Day of the Year

Exploit for WebRTC Exists in the Wild
Google Flags 8th Chrome Zero-Day of the Year
Image: Shutterstock

Google rolled out security updates Wednesday for its Chrome web browser to fix a critical vulnerability exploited in the wild.

See Also: Finding and Managing the Risk in your IT Estate: A Comprehensive Overview

"Google is aware that an exploit for CVE-2023-7024 exists in the wild," Chrome's security advisory said.

The zero-day vulnerability is a heap-based buffer overflow bug in the open-source WebRTC framework.

WebRTC is a critical component that allows real-time communication and data exchange between different browsers and devices. It focuses on audio and video traffic, allowing developers to build voice- and video-communication solutions. WebRTC provides software developers with application programming interfaces written in JavaScript.

Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group discovered and reported the flaw.

It marks the eighth Chrome zero-day of the year. Lecigne in September reported another heap-based buffer overflow zero-day that was fixed but was "in use by a commercial surveillance vendor," at the time (see: Chrome Patches 0-Day Exploited by Commercial Spyware Vendor).

Details of the latest zero-day are scarce as "access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. Google is trying to reduce the likelihood of threat actors developing newer exploits by not disclosing complete technical information. Data from cybersecurity firm Qualys stated that 25% of the high-risk security vulnerabilities discovered in 2023 had been immediately targeted for exploitation, "with the exploit being published on the same day as the vulnerability itself was publicly disclosed."


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.