2023 has not been a particularly good year for Google Chrome users, at least in terms of security. Since the beginning of the year, Google’s browser has been affected by several zero-day bugs that have forced Google to release emergency patches to protect users. Just when it seemed that the bad streak was over, a group of hackers has turned up exploiting a new, previously unknown zero-day bug in the browser, and Google has been forced to release an emergency update because of it.
Zero-day flaws are the most dangerous we can encounter right now. This type of vulnerability is a security flaw that hackers have discovered and exploited but of which Google, or whichever company is affected, is not aware. This means that, as long as the flaw is not discovered, all users may be exposed to possible attacks. Luckily, this type of flaw usually does not last long.
CVE-2023-7024, the bug that broke Chrome
A few hours ago, Google warned about CVE-2023-7024, a new vulnerability recently discovered by its own employees that, unfortunately, had been in the hands of hackers for some time and has been used on the internet to endanger the safety of users.
Maddie Stone
@maddiestone
💪🏼 Yesterday @_clem1 and @vladhiewsha discovered and reported a new ITW 0-day to the Chrome team. TODAY, 1 day later, Chrome has a fix out to protect users!!! Thank you, Chrome! CVE-2023-7024
https://t.co/2tkx0Zc9pf
December 21, 2023 • 12:32
This security flaw is a “buffer overflow”, a type of bug that lets a program go outside its assigned memory range to access data stored in another part of memory, and even load code into it. Hackers already had several exploits taking advantage of this flaw, so, in order not to complicate things further, Google has decided not to share information about the vulnerability, at least for now. All that is known is that it lies within the WebRTC component, and that it can also affect other browsers, such as Edge, Safari, etc.
Update the browser
This is the eighth zero-day security flaw to be fixed in 2023, after CVE-2023-6345, CVE-2023-5217, CVE-2023-4863, CVE-2023-3079, CVE-2023-4762, CVE-2023-2136 and CVE-2023-2033. To avoid falling victim to these hackers, we need to update as soon as possible.
To make sure we are safe from these attacks, we need to check that the installed version of Chrome is 120.0.6099.129 or later. If so, we are protected. Otherwise, we are in danger.
Remember that Google Chrome updates automatically on Windows, so, in principle, we should not have to do anything to protect ourselves. But in case this new version is not downloaded automatically, we have two other ways to get it: open the Google Chrome menu > help > information, from where this version will be downloaded automatically, or download Chrome from Google’s own website. After installing the new version we will be protected against hackers. At least, until a new zero-day bug comes out.