Google Fixes New Chrome Zero-Day Flaw With Exploit in the Wild

Cyber Security Threat Summary:
Yesterday, Google released security updates to address a zero-day flaw in its Chrome web browser. Tracked as CVE-2023-3079, the flaw has been assessed as high severity and is a type confusion bug in the Chrome V8 JavaScript engine. “Type confusion bugs arise when the engine misinterprets the type of an object during runtime, potentially leading to malicious memory manipulation and arbitrary code execution” (Bleeping Computer, 2023). This could further lead to browser crashes and enable threat actors to escape Chrome’s security sandbox, allowing the attackers to compromise the targeted device.

Security Officer Comments:
CVE-2023-3079 is the third zero-day addressed by Google since the start of the year. Below is a list of the other two zero-days that Google fixed in Chrome:

CVE-2023-2033 - Type Confusion in V8
CVE-2023-2136 - Integer overflow in Skia

Although Google stated it is aware of attacks in the wild exploiting CVE-2023-3079, it has not disclosed the technical details. Withholding them gives users time to update their browsers before threat actors can use those details to build custom exploits.

Suggested Correction(s):
CVE-2023-3079 has been addressed in 114.0.5735.110 for Windows and 114.0.5735.106 for Mac and Linux. To update Chrome, head to Settings → About Chrome → Wait for the download of the latest version to finish → Restart the program.
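
For teams checking many machines rather than one browser, the fixed builds above can be applied to an asset inventory. The following is an added example, not part of the original summary: the host names, inventory rows and function names are constructed for illustration, and only the per-platform fixed builds come from the text above.

```python
import re

# Fixed builds for CVE-2023-3079 as stated in this summary.
FIXED = {
    "windows": (114, 0, 5735, 110),
    "mac": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not MAJOR.MINOR.BUILD.PATCH."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # platform not covered here, or unparseable version
    # Tuples compare numerically field by field; a plain string comparison
    # would wrongly rank "114.0.5735.91" above "114.0.5735.110".
    return "patched" if version >= fixed else "needs_update"


def audit(inventory):
    """Map host -> status for rows of (host, platform, chrome_version)."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}


# Constructed sample inventory (hypothetical hosts and readings).
SAMPLE = [
    ("ws-01", "Windows", "114.0.5735.110"),
    ("ws-02", "Windows", "114.0.5735.91"),
    ("ws-03", "Windows", "114.0.5735.106"),  # meets Mac/Linux fix, not Windows
    ("mb-01", "Mac", "114.0.5735.106"),
    ("lx-01", "Linux", "113.0.5672.126"),
    ("lx-02", "Linux", "115.0.5790.98"),
    ("kiosk-01", "ChromeOS", "114.0.5735.110"),
    ("ws-04", "Windows", "not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as "unknown" should be followed up manually rather than counted as patched.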

Source: https://www.bleepingcomputer.com/