Flash Notice: Google Patches Chrome Type Confusion Zero-Day Exploited by Attackers

overview

A zero-day vulnerability (CVE-2023-3079) was found in Google’s Chrome web browser and is actively being exploited in the wild. According to the National Vulnerability Database (NIST), the vulnerability is high severity and is a type confusion flaw in the V8 JavaScript engine of Google Chrome prior to 114.0.5735.110. The flaw allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.  

Although Google is aware of the zero-day, the tech giant has not disclosed any technical details surrounding the vulnerability due to them wanting to roll out updates to as many customers as possible before providing details. Type confusion vulnerabilities present substantial risks to organizations, as they can enable attackers to execute arbitrary code on targeted systems by exploiting flaws in the handling of memory objects.  

Google has released a patch for CVE-2023-3079, and it is highly recommended that users check to see if the patch has been applied. Please remember that you need to restart your browser for the update to be effective. Restarting is crucial for those who have many tabs open, rarely closing their browser.  

avertium's recommendations

Google’s advisory stated the following:  

• The Stable and extended stable channels has been updated to 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. 

INDICATORS OF COMPROMISE (IoCs)

How Avertium is Protecting Our CUSTOMERS

While Google Chrome is not widely used at an enterprise level, the browser could be used as an attack vector. Avertium is raising awareness among our customers to check for updates regarding this vulnerability before it's too late. 

SUPPORTING DOCUMENTATION