overview
This week, Google released an emergency security update to fix a critical zero-day vulnerability found in Google Chrome. The vulnerability is being tracked as CVE-2023-4863 and has been exploited by attackers. According to Google, CVE-2023-4863 is a heap buffer overflow flaw in WebP.
If successful, attackers will be able to remotely run commands on target devices. As always, Google has remained tight lipped about the technical details regarding the vulnerability because they want to give as many users as possible the time to update their browsers.
“Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” - Google
Thankfully, the update that Google released is immediately available. Chrome users are strongly encouraged to promptly update their web browser to version 116.0.5845.187 (for Mac and Linux) and 116.0.5845.187/.188 (for Windows). The update addresses vulnerability present in Windows, Mac, and Linux operating systems.
To check for the update via Chrome, go to Menu>Help>About Google Chrome. The web browser will additionally perform automatic checks for new updates and install them after restarting, without further user interaction.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-4863. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.SUPPORTING DOCUMENTATION