Google fixes another Chrome zero-day bug exploited in attacks

Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year.
This update was immediately available when BleepingComputer checked for new updates via the Chrome menu > Help > About Google Chrome.
On Thursday, Apple patched two zero-days tagged by Citizen Lab as being exploited in attacks as part of an exploit chain known as BLASTPASS to infect fully-patched iPhones with NSO Group's Pegasus mercenary spyware.
While Google said the CVE-2023-4863 zero-day has been exploited in the wild, the company has yet to share more details regarding these attacks.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products. Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Access: network, low complexity. Vendors: google, fedoraproject, debian, mozilla, microsoft, webmproject, netapp, bentley, bandisoft. CWE-787 | 8.8 |