Security News > 2023 > December > Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP
2023-12-21 03:41
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément
News URL
https://thehackernews.com/2023/12/urgent-new-chrome-zero-day.html
Related news
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Perforce Puppet update accelerates vulnerability remediation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-21 | CVE-2023-7024 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |