Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
2023-09-12 05:15

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild.

With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year.

iOS 15.7.9 and iPadOS 15.7.9 - iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch; macOS Big Sur 11.7.10 and macOS Monterey 12.6.9.

CVE-2023-41064 relates to a buffer overflow issue in the Image I/O component that could lead to arbitrary code execution when processing a maliciously crafted image.

According to the Citizen Lab, CVE-2023-41064 is said to have been used in conjunction with CVE-2023-41061, a validation issue in Wallet, as part of a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully-patched iPhones running iOS 16.6.

Users are recommended to upgrade to Chrome version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux to mitigate potential threats.


News URL

https://thehackernews.com/2023/09/google-rushes-to-patch-critical-chrome.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2023-09-07 | CVE-2023-41064 | Classic Buffer Overflow vulnerability in Apple iPadOS and iPhone OS. A buffer overflow issue was addressed with improved memory handling. (local, low complexity, apple, CWE-120) | 7.8
2023-09-07 | CVE-2023-41061 | Unspecified vulnerability in Apple iPadOS. A validation issue was addressed with improved logic. (local, low complexity, apple) | 7.8

Related vendor

VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Google | 141 | 994 | 4850 | 2758 | 1620 | 10222