1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Chrome's third exploited zero-day this year has also been fixed

    From TechnologyDaily@1337:1/100 to All on Wed Jun 7 11:30:03 2023
    Chrome's third exploited zero-day this year has also been fixed

    Date:
    Wed, 07 Jun 2023 10:15:33 +0000

    Description:
    Google Chrome users are being urged to apply this patch to prevent known exploits from abusing a vulnerability.

    FULL STORY ======================================================================

    Google is urging Chrome users to apply a security update to their browsers as it pushes a fix for a zero-day vulnerability that has known exploits.

    Update 114.0.5735.106 for Mac and Linux, or 114.0.5735.110 for Windows, has addressed CVE-2023-3079 which was reported to Google days before a patch was released to the public on June 5.

    The vulnerability was given a high severity rating, hence the fast-paced approach to issuing a fix, though precise details remain under wraps as the company waits for more users to apply the fix (and protect themselves against hackers). Update Google Chrome now

    The CVE description reads: Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Read more

    The best endpoint protection software


    Google says it will definitely ditch cookies...by 2024


    Chrome is ditching its browser security warning - and replacing it with
    something worse

    In its announcement , Google admitted that it is aware that an exploit for CVE-2023-3079 exists in the wild, thanking Clment Lecigne of the companys Threat Analysis Group for reporting the vulnerability on June 1.

    This isnt the first time Google has had issues with the V8 JavaScript engine, with the browsers first zero-day of 2023 also attributable to that. Its
    second zero-day saw a C++ 2D graphics library issue rectified.

    While Google is typically quick to respond to bugs, a lengthy delay can occur between a bug being reported and details about it being shared, because the company wants to ensure that consumers have applied the relevant fixes first.

    The announcement reads: Access to bug details and links may be kept
    restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but havent yet fixed. Think youve been
    affected? Here are the best malware removal tools



    ======================================================================
    Link to news story: https://www.techradar.com/news/chromes-third-exploited-zero-day-this-year-has- also-been-fixed


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)