There are clear signs that attacks on Chrome are imminent or already under way.
The security gap
In a post, Google warns that it has come across exploit code in circulation that targets a vulnerability it has classified as “critical” (CVE-2023-4863). Attacks are therefore likely.
The vulnerability affects Google’s WebP image format. Attackers are said to be able to trigger memory errors (a heap buffer overflow) in a way that is not described in detail. This usually leads to malicious code getting onto systems and to attackers completely compromising computers.
The developers state that they have closed the gap in Chrome versions 116.0.5845.187/188 for Windows and 116.0.5845.187 for Linux and macOS. On Windows, you can check which version is installed under Help/About Google Chrome. Opening that page also triggers an update. The web browser also updates itself automatically.
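For more than one machine, the version check above can be run over an inventory of reported Chrome versions. The following is an added example, not code from Google or from the article; the host names and the inventory format are constructed, and the fixed builds are the ones stated above.

```python
import re

# Fixed builds as stated in the article (Windows also received .188).
FIXED = {
    "windows": (116, 0, 5845, 187),
    "linux": (116, 0, 5845, 187),
    "macos": (116, 0, 5845, 187),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the four-part version from text such as
    'Google Chrome 116.0.5845.179'; return None if there is none."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def status(platform, version_text):
    """Return 'patched', 'unpatched' or 'unknown' for one host."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report a host as safe on missing data
    # Tuples compare numerically, so 116.0.5845.96 < 116.0.5845.187;
    # a plain string comparison would order these the wrong way round.
    return "patched" if version >= fixed else "unpatched"

def audit(inventory):
    """inventory: iterable of (host, platform, version_text) tuples."""
    return {host: status(platform, text) for host, platform, text in inventory}

# Constructed sample inventory (hypothetical hosts and output lines).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 116.0.5845.188"),
    ("ws-02", "windows", "Google Chrome 116.0.5845.96"),
    ("dev-03", "linux", "Google Chrome 116.0.5845.187"),
    ("mac-04", "macos", "Google Chrome 115.0.5790.170"),
    ("kiosk-05", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

Hosts reported as "unknown" need a manual check, since no version could be read for them.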
Discoverers of the vulnerability
In the post, Google states that security researchers from the Citizen Lab at the University of Toronto, among others, discovered the vulnerability. In the past, these researchers have uncovered several espionage attacks on journalists and politicians, among others.
They recently made headlines when they published information about security holes in Apple’s operating systems that attackers had exploited.