Google fixes 8th zero-day bug in Chrome exploited in attacks this year
Google has issued an emergency patch to address yet another Chrome zero-day vulnerability that has been exploited in the wild, making this the eighth patch issued since the beginning of the year.
"Google is aware that an exploit for CVE-2023-7024 exists in the wild," a security advisory wrote in a blogpost.
The tech giant fixed the zero-day flaw for users in the Stable Desktop channel, with patched versions rolling out globally to Windows users (120.0.6099.129/130) and Mac and Linux users (120.0.6099.129) one day after it was reported to Google.
The bug was discovered and reported by Clement Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG).
TAG is a group of security professionals whose primary goal is to protect Google customers against state-sponsored attacks, according to Bleeping Computer.
The high-severity zero-day vulnerability (CVE-2023-7024) is due to a heap buffer overflow weakness in the open-source WebRTC framework.
Several web browsers, including Mozilla Firefox, Safari, and Microsoft Edge, utilize JavaScript APIs to provide real-time Time Communications (RTC) capabilities (e.g., video streaming, file sharing, and VoIP telephony), the report explained.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. Meanwhile, Google is rolling out a new "AI support assistant" chatbot on some of its Help pages to provide users with product assistance.
When visiting the support pages for some Google products, users will encounter a "Hi, I'm a new Al support assistant. Chat with me to find answers and solve account issues" dialogue box in the bottom-right corner of your screen, reports 9to5Google.