Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2023-3079)

Google has released Chrome Version 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows to fix a zero-day vulnerability (CVE-2023-3079).

Based on the official site for Chrome updates, “Google is aware of reports that an exploit for CVE-2023-3079 exists in the wild.”.

_____________________________

A. Nature of Vulnerability

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

_____________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

Review and apply the necessary update to mitigate future threats.
- Go to Chrome Settings > Help > About Google Chrome
Keep your operating system and other software up to date.
For additional information, kindly refer to the official report
- https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3079