Google has patched a high-severity zero-day vulnerability in its Chrome browser, identified as CVE-2023-3079, which was actively exploited in the wild. This type confusion flaw resides in the V8 JavaScript engine and allows remote attackers to potentially cause heap corruption through a specially crafted HTML page. The vulnerability, which carries a CVSS score of 8.8, was disclosed on June 5, 2023, and was added to the Known Exploited Vulnerabilities (KEV) catalog two days later.
The rapid exploitation of this flaw, within just over a day of its disclosure, underscores the critical nature of the vulnerability. A proof-of-concept exploit is available, highlighting the ease with which attackers can leverage this flaw. The vulnerability affects versions of Google Chrome prior to 114.0.5735.110.
Given the severity and active exploitation of CVE-2023-3079, organizations are urged to update their Chrome installations immediately to mitigate potential risks. The Security Severity Vulnerability Classification (SSVC) recommends attending to this vulnerability promptly, reflecting its potential impact on systems.
Administrators should verify that their systems are running the latest version of Chrome to protect against potential attacks. The swift addition of this vulnerability to the KEV list by CISA further emphasizes the urgency for federal agencies and enterprises to patch their systems without delay.
CSURFACE