Undetectable Humanizer: Lifetime Subscription
Transform AI-Generated Text into Human-Like, High-Ranking Content & Bypass Even the Most Sophisticated AI Detectors
Get 95% Deal

Google Chrome update fixes 0-day vulnerability exploited in the wild

Martin Brinkmann
Dec 21, 2023
Updated • Dec 21, 2023
Google Chrome
|
13

Google has released a security update for Google Chrome Stable and Google Chrome Extended Stable that addresses a security vulnerability that is exploited in the wild.

Chrome users are encouraged to update Google Chrome to the latest version immediately to protect it from potential attacks.

The fastest way to do that is to load chrome://settings/help in the Chrome address bar. Google Chrome lists the current version and runs a check for updates. It should pick up the security update and start to download it. A restart is required to complete the process.

Chrome's Help page should now display one of the following versions (depending on operating system and channel):

  • Chrome for Linux or Mac: 120.0.6099.129
  • Chrome for Windows: 120.0.6099.129 or 120.0.6099.130
  • Chrome Extended for Mac: 120.0.6099.129
  • Chrome Extended for Windows: 120.0.6099.130

Automatic updates may take longer. Google notes that these may take days or sometimes even weeks before they land on all devices with Chrome Stable or Extended installed.

About the vulnerability

Google Chrome 0-day vulnerability

Google announced the update on the official releases blog. There, the company reveals that the security issue is a heap buffer overflow bug in WebRTC. It assigned a high security rating to the vulnerability and confirmed that it is aware of attacks in the wild: "Google is aware that an exploit for CVE-2023-7024 exists in the wild".

The issue was discovered by members of Google's Threat Analysis Group TAG.

Additional information about security issues, especially those with exploits in the wild, is not provided by Google until the majority of Chrome installations have upgraded to  a newer version that contains a fix.

The 0-day vulnerability is the eighth of the year in Chrome and Chromium-based browsers.

All Chromium-based web browsers are affected by the issue as well. Expect updates for browsers such as Microsoft Edge, Brave, Vivaldi or Opera in the coming days as well because of that.

Google launched Chrome 120 on December 6 to the public. The browser fixed several security issues as well and introduced new features, such as password sharing between family account members.

Summary
Google Chrome update fixes 0-day vulnerability exploited in the wild
Article Name
Google Chrome update fixes 0-day vulnerability exploited in the wild
Description
Google has released a security update for Google Chrome Stable and Google Chrome Extended Stable that addresses a 0-day security vulnerability.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. anne said on December 22, 2023 at 2:52 pm
    Reply

    @Ghacks Admin:

    Can you review Floorp Browser?

    https://floorp.app/

  2. Anonymous said on December 22, 2023 at 2:21 am
    Reply

    Well, All Brave builds updated to Chromium 120.0.6099.144 hours ago, so I have to assume it is fine for everyone using Brave?

  3. Sampei Nihira said on December 21, 2023 at 6:31 pm
    Reply

    According to the article published on Bleeping Computer the vulnerability also affects other browsers including Firefox……………..

    1. 👿 said on December 22, 2023 at 10:50 am
      Reply

      No, it said “[…] weakness in the open-source WebRTC framework …”. They were also likely missing some words in that long rambling paragraph. WebRTC is supported by the browser vendors that were listed.

  4. 👿 said on December 21, 2023 at 12:44 pm
    Reply

    Err “[…] eighths …” you probably meant “eighth”. Eighth recorded Chromium zero-day exploit for this year (so far…).

  5. Dave said on December 21, 2023 at 12:09 pm
    Reply

    Another day, another chromium vulnerability patch……

    1. Andy Prough said on December 22, 2023 at 5:04 am
      Reply

      This is truly shocking.

      Shocking that all those smart Google Threat Analysis Group people could only find one zero-day exploit in Chrome/chromium. They probably missed 3 or 4 others.

      1. Anonymous said on December 22, 2023 at 8:45 am
        Reply

        You have made my day

  6. iron_t said on December 21, 2023 at 9:29 am
    Reply

    chromium based browsers are insecure – stop using them – they have become the laughing stock of Adobe Flash engineers

    1. Lunar Ronin said on December 21, 2023 at 3:37 pm
      Reply

      What’s the alternative? Firefox? The web browser made by a company that wants to censor the Internet and funds political activism that has nothing to do with technology?

      1. Anonymous said on December 22, 2023 at 7:31 pm
        Reply

        They have yet to block a single website. Stop spreading FUD Lunar Ronin.

      2. Anonymous said on December 22, 2023 at 12:30 pm
        Reply

        @Lunar Ronin Are you speaking of Google right?

    2. FanboyNZ said on December 21, 2023 at 11:28 am
      Reply

      Stop spreading FUD iron_t

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.