"Google Rushes to Patch Eighth Chrome Zero-Day This Year"
Google recently announced emergency patches for a Chrome vulnerability that is under active exploitation. This is the eighth zero-day documented this year. Google noted that the issue is tracked as CVE-2023-7024 and is a high-severity heap buffer overflow bug in Chrome’s WebRTC component. WebRTC (Web Real-Time Communication) is an open-source project that provides real-time communication via APIs. Google is aware that an exploit for CVE-2023-7024 exists in the wild. Google noted that the security hole was reported on December 19, just one day before the patches came out. Google has not shared technical information on the bug itself nor provided details on the observed attacks exploiting it. The latest Chrome iteration is now rolling out as version 120.0.6099.129 for macOS and Linux, and as versions 120.0.6099.129/130 for Windows. Google also announced that it has updated the Chrome Extended Stable channel to version 120.0.6099.129 for macOS and to version 120.0.6099.130 for Windows.
SecurityWeek reports: "Google Rushes to Patch Eighth Chrome Zero-Day This Year"