Exploitation of CVE-2023-3079 in Google Chrome

Google releases a security update to address a zero-day vulnerability in Google Chrome

Threat ID:: CC-4328
Threat Severity:: Medium
Published:: 6 June 2023 3:27 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Google releases a security update to address a zero-day vulnerability in Google Chrome

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 114.0.5735.110

Google Chrome for Microsoft Windows, Apple macOS, and Linux

Threat details

Introduction

Google has released a security update to address a high-severity zero-day vulnerability within the Google Chrome web browser for Windows, macOS, and Linux. This vulnerability, known as CVE-2023-3079, is caused by a type confusion within the V8 JavaScript engine. A malicious attacker could exploit this vulnerability using a specially crafted HTML page to cause a heap corruption, which could lead to arbitrary code execution.

Exploitation of CVE-2023-3079

Google is aware that an exploit for CVE-2023-3079 exists in the wild.

Remediation advice

Affected organisations are encouraged to review the Chrome Release and apply the necessary updates to the latest release.

Definitive source of threat updates

https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html

CVE Vulnerabilities

Status Published

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Last edited: 6 June 2023 3:27 pm