Security News > 2023 > June > Google fixes new Chrome zero-day flaw with exploit in the wild
Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year.
Withholding technical information is the usual stance from Google when a new security issue is found.
The first zero-day vulnerability that Google fixed in Chrome this year was CVE-2023-2033, which is also a type confusion bug in the V8 JavaScript engine.
A few days later, Google released an emergency security update for Chrome to patch CVE-2023-2136, an actively exploited vulnerability impacting the browser's 2D graphics library, Skia.
To start the Chrome update procedure manually to the latest version that addresses the actively exploited security issue, head to the Chrome settings menu and select Help About Google Chrome.
The new stable channel release addressing the flaw that has an exploit in the wild is version 114.0.5735.110 for Windows and 114.0.5735.106 for Mac and Linux.
News URL
Related news
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) (source)
- Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) (source)
- Google fixes eighth actively exploited Chrome zero-day this year (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-19 | CVE-2023-2136 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2023-04-14 | CVE-2023-2033 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |