overview

This week, Google released an emergency security update to fix a critical zero-day vulnerability found in Google Chrome. The vulnerability is being tracked as CVE-2023-4863 and has been exploited by attackers. According to Google, CVE-2023-4863 is a heap buffer overflow flaw in WebP.  

If successful, attackers will be able to remotely run commands on target devices. As always, Google has remained tight lipped about the technical details regarding the vulnerability because they want to give as many users as possible the time to update their browsers.  

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” - Google 

Thankfully, the update that Google released is immediately available. Chrome users are strongly encouraged to promptly update their web browser to version 116.0.5845.187 (for Mac and Linux) and 116.0.5845.187/.188 (for Windows). The update addresses vulnerability present in Windows, Mac, and Linux operating systems.  

To check for the update via Chrome, go to Menu>Help>About Google Chrome. The web browser will additionally perform automatic checks for new updates and install them after restarting, without further user interaction.  

 

 

avertium's recommendationS

Ensure that all devices within your organization are running the latest version of the Chrome web browser.  
  • Promptly update to version 116.0.5845.187 (for Mac and Linux) and 116.0.5845.187/.188 (for Windows) to patch CVE-2023-4863.  
  • See Google’s advisory for further details 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-4863. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive

 

 

How Avertium is Protecting Our CUSTOMERS

Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.  







SUPPORTING DOCUMENTATION

Chrome Releases: Stable Channel Update for Desktop (googleblog.com) 

Zero-Day flaw found in Google Chrome browser - Tech Monitor 

Google fixes another Chrome zero-day bug exploited in attacks (bleepingcomputer.com) 
Chat With One of Our Experts



Zero-Day Vulnerability Flash Notice Google Chrome Google Chrome Vulnerability Google Zero-Day Blog