High Severity Zero-Day Vulnerability Hit Google Chrome Users
The high-severity flaw allowed remote attackers to use heap corruption through crafted HTML pages.
- Google has released a security patch for a high-severity flaw CVE-2023-3079 in its Chrome browser, which runs on V8 JavaScript engines.
- Antivirus firm Avast revealed several spurious extensions on the Chrome browser that have impacted more than 75 million users.
Google released a new security update for its Chrome browser to patch the third zero-day vulnerability exploited by malicious actors in 2023. The vulnerability, CVE-2023-3079, has been classified as a high-severity issue that runs on Chrome’s V8 JavaScript engine. As usual, Google has not released any technical details about the security issue to protect users and prevent hackers from developing new exploits.
The first zero-day vulnerability in Chrome this year was CVE-2023-2033, a confusion-type bug. This was followed by CVE-2023-2136, which impacted Skia, the browser’s 2D graphics library. These bugs have been primarily exploited by major organizations and state-sponsored actors, making prompt security updates imperative.
In addition to patching the new vulnerability, Google added fixes to other issues found in code fuzzing analysis and internal audits. The patch is not set to be released simultaneously and will roll out to users over the coming days through browser restarts.
See More: WWDC 2023: All the Shiny New Hardware From Apple This Year
Avast Finds 32 Malicious Chrome Extensions
Antivirus firm Avast revealed its discovery of several harmful Google Chrome extensions on the Chrome Web Store used by malicious actors to inject adware and malware into user systems. Google has now removed these extensions.
The Avast team found 32 malicious Chrome extensions with a collective download number of more than 75 million. These extensions include several ad blockers, recorders, browser themes, tab managers, and downloaders. It has also been confirmed that an additional 50 extensions have already been eliminated from the Web Store.
In most cases, malicious code is not apparent and is hidden behind several useful features. Downloading these extensions can lead to manipulated search results, unwanted ads, and even dangerous links. Avast has recommended deleting these extensions by users who have downloaded them.
What steps have you taken to tackle security issues on Google Chrome? Let us know on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Image source: Shutterstock
LATEST NEWS STORIES
