Patch Alert: Google Chrome ‘Zero Day’ Being Weaponized

Google recently announced an emergency patch for a Chrome vulnerability that is being weaponized.

This is the eighth zero-day for 2023, far fewer than 2022’s record number of fifteen. The issue, tracked as CVE-2023-7024, is described as a high-severity heap buffer overflow bug in Chrome’s WebRTC component.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable systems.

Solution

Upgrade to the latest version of Chrome stable channel using Syxsense.

Syxscore Risk Alert

This vulnerability carries a serious risk because it can be exposed over any network, with low attack complexity and without privileges. The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: Required

Scope (Jump Point): No
