CTI Flash Briefing
The Fight Continues: Chrome Addresses Its Third 0-Day Exploit in 2023
Breakdown
Google released a security update for Chrome yesterday that contains a fix for a 0-day exploit that is under active exploitation in the wild. It has been listed as a type confusion bug in the V8 JavaScript engine (CVE-2023–3079). Everyone should install the latest version of Chrome from the Help -> About Google Chrome menu if not already prompted to update.
Overview
It was discovered by one of Google’s Threat Analysis Group researchers, but otherwise no exact details on the exploit have been released. A basic description from thehackernews blog on this vulnerability:
“Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to the NIST’s National Vulnerability Database (NVD).
Recommendation
We recommend everyone upgrade to version 114.0.5735.110 for Windows and 114.0.5735.106 for macOS and Linux immediately to mitigate any potential risks to your organization’s and your own personal systems.
Conclusion
To our current SOC partnerships, please reach out to our SOC team to learn more about the best steps in researching your exposure to this threat. If you have any questions on this on-going event or need any level of security assistance, please reach out to Hunter Strategy and we will be happy to discuss next steps in securing your IT systems!
Contact Us
contact@hunterstrategy.net
