Security News > 2023 > September > Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild.
With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year -.
iOS 15.7.9 and iPadOS 15.7.9 - iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch macOS Big Sur 11.7.10 and macOS Monterey 12.6.9.
CVE-2023-41064 relates to a buffer overflow issue in the Image I/O component that could lead to arbitrary code execution when processing a maliciously crafted image.
According to the Citizen Lab, CVE-2023-41064 is said to have been used in conjunction with CVE-2023-41061, a validation issue in Wallet, as part of a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully-patched iPhones running iOS 16.6.
Users are recommended to upgrade to Chrome version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux to mitigate potential threats.
News URL
https://thehackernews.com/2023/09/google-rushes-to-patch-critical-chrome.html
Related news
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google agrees to delete Chrome browsing data of 136 million users (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-07 | CVE-2023-41064 | Classic Buffer Overflow vulnerability in Apple Ipados and Iphone OS A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2023-09-07 | CVE-2023-41061 | Unspecified vulnerability in Apple Ipados A validation issue was addressed with improved logic. | 7.8 |