Google has released security updates to address a high-severity zero-day flaw, tracked as CVE-2023-3079, in its Chrome web browser. This vulnerability, related to type confusion in the V8 JavaScript engine, was actively exploited in the wild.
The discovery was made by Clement Lecigne of Google’s Threat Analysis Group, a team dedicated to monitoring nation-state actors’ activities.
Although Google did not provide specific details about the attacks exploiting CVE-2023-3079, the company acknowledges the existence of an exploit in the wild. In response, Google has rolled out updates for the Stable and extended stable channels, namely versions 114.0.5735.106 for Mac and Linux, and 114.0.5735.110 for Windows, which will be gradually released over the coming days and weeks.
This zero-day vulnerability, CVE-2023-3079, marks the third actively exploited flaw in Chrome that Google has addressed in 2023. The previous ones were CVE-2023-2033, a type confusion issue in V8, and CVE-2023-2136, an integer overflow in the Skia graphics library.
All of these critical security issues were reported by Clément Lecigne from Google’s Threat Analysis Group, emphasizing the ongoing efforts to secure Chrome against potential threats.
