Google fixes another Chrome zero-day bug exploited in attacks
Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year.
This update was immediately available when BleepingComputer checked for new updates via the Chrome menu > Help > About Google Chrome.
On Thursday, Apple patched two zero-days tagged by Citizen Lab as being exploited in attacks as part of an exploit chain known as BLASTPASS to infect fully-patched iPhones with NSO Group's Pegasus mercenary spyware.
While Google said the CVE-2023-4863 zero-day has been exploited in the wild, the company has yet to share more details regarding these attacks.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.
Google to fight hackers with weekly Chrome security updates.
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Chrome will let you send money to your favourite website (source)
- “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days (source)
- 18-year-old security flaw in Firefox and Chrome exploited in attacks (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products. Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Attack vector: network. Attack complexity: low. Vendors: google, fedoraproject, debian, mozilla, microsoft, webmproject, netapp, bentley. Weakness: CWE-787. | 8.8 |