From thehackernews.com
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild.
Tracked as CVE-2023-4863, the issue has been described as a heap buffer overflow in the WebP image format that could result in arbitrary code execution or a crash.
Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto’s Munk School have been credited with discovering and reporting the flaw on September 6, 2023.
The tech giant has yet to disclose additional details about the nature of the exploit, but noted that it’s “aware that an exploit for CVE-2023-4863 exists in the wild.”
With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year:
- CVE-2023-2033 (CVSS score: 8.8) – Type Confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS score: 8.8) – Type Confusion in V8