Security News > 2023 > June > Exploited zero-day patched in Chrome (CVE-2023-3079)
![Exploited zero-day patched in Chrome (CVE-2023-3079)](/static/build/img/news/exploited-zero-day-patched-in-chrome-cve-2023-3079-medium.jpg)
Google has fixed a high-severity vulnerability in the Chrome browser that is being exploited by attackers.
"Google is aware that an exploit for CVE-2023-3079 exists in the wild," the Chrome team says.
To address this critical issue, users are advised to upgrade their Google Chrome browser to the latest version.
These latest versions also include fixes for bugs unearthed by Google via internal audits, fuzzing and through other initiatives.
This marks the third time in the current year that Google Chrome has experienced a zero-day vulnerability exploited in the wild.
Google has recently considerably augmented the reward amount for security bug reports that include a functional full chain exploit of Chrome.
News URL
https://www.helpnetsecurity.com/2023/06/07/cve-2023-3079/
Related news
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) (source)
- Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-05 | CVE-2023-3079 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |