Google Patches Third Chrome Zero-Day of 2023

From securityweek.com

Google on Monday released a Chrome 114 security update that patches the third zero-day vulnerability found in the web browser in 2023.

Google said the latest version of Chrome patches two flaws, including CVE-2023-3079, a type confusion issue affecting the V8 JavaScript engine. 

The internet giant noted that the vulnerability, discovered on June 1, has been exploited in the wild, but has not shared any information on the attacks.

However, the fact that the security hole and its exploitation were discovered by Clement Lecigne of Google’s Threat Analysis Group suggests that CVE-2023-3079 has likely been exploited by a commercial spyware vendor.

Google regularly publishes blog posts describing the exploits used by various spyware vendors, which typically advertise their products for lawful surveillance by government agencies. However, their solutions have often been abused by totalitarian regimes to spy on critics. 

In many cases, spyware vendors integrate Chrome vulnerabilities into complex exploit chains that are designed to target Android devices. 

Read more…