Google fixes another Chrome zero-day bug exploited in attacks
Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year.
This update was immediately available when BleepingComputer checked for new updates via the Chrome menu > Help > About Google Chrome.
On Thursday, Apple patched two zero-days tagged by Citizen Lab as being exploited in attacks as part of an exploit chain known as BLASTPASS to infect fully-patched iPhones with NSO Group's Pegasus mercenary spyware.
While Google said the CVE-2023-4863 zero-day has been exploited in the wild, the company has yet to share more details regarding these attacks.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products. Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Attack vector: network; attack complexity: low. Vendors: google, fedoraproject, debian, mozilla, microsoft, webmproject, netapp, bentley, bandisoft. CWE-787 | 8.8 |