Security News > 2023 > December > Google fixes 8th Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year.
The company fixed the zero-day bug for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows users and Mac and Linux users one day after being reported to Google.
The bug was discovered and reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group, a collective of security experts whose primary goal is to defend Google customers from state-sponsored attacks.
Google's Threat Analysis Group frequently discovers zero-day bugs exploited by government-sponsored threat actors in targeted attacks aiming to deploy spyware on the devices of high-risk individuals, including opposition politicians, dissidents, and journalists.
While Google knows that CVE-2023-7024 was exploited as a zero-day in the wild, it has yet to share further details regarding these incidents.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-21 | CVE-2023-7024 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |