Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild.
Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto’s Munk School have been credited with discovering and reporting the flaw on September 6, 2023.
The tech giant has yet to disclose additional details about the nature of the exploit, but noted that it’s “aware that an exploit for CVE-2023-4863 exists in the wild.”
With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year –
- CVE-2023-2033 (CVSS score: 8.8) – Type Confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS score: 8.8) – Type Confusion in V8