Google discovers another Chrome zeroday exploited in the wild

pppGoogle Chrome has released an emergency security fix for a zeroday flaw that has been exploited in the wildppThis vulnerability tracked as CVE20237024 affects the desktop versions of the browser on Mac Linux and WindowsppIt is the eighth actively exploited zeroday in Chrome discovered since the start of 2023 Clément Lecigne and Vlad Stolyarov of Googles Threat Analysis Group first reported it on December 19ppNot many details are available about the flaw except that it was found in WebRTC an opensource project that provides web browsers and mobile applications with realtime communication via simple application programming interfaces APIsppThe security update fixes a potential heap buffer overflow in WebRTC Such flaws can occur in a specific part of the memory allocation of a computer programppGoogle hasnt provided any details about specific attacks that exploit the vulnerability It is also not clear if any users were directly affected by its exploitation The CVSS сommon vulnerability scoring system assessing the severity of this bug is not yet availableppAccess to bug details and links may be kept restricted until a majority of users are updated with a fix Google saidppChrome vulnerabilities often rise to a level of severity that prompts Google to issue a patch as soon as one is ready instead of waiting for the next regular update cycleppEarlier in November Google released an update to address a severe vulnerability that affected 2D graphicsrendering code known as Skia This bug was also exploited in the wildppIn October the company issued fixes for a bug in an opensource tool known as libvpx used in video encodingppDaryna Antoniuk is a reporter for Recorded Future News based in Ukraine She writes about cybersecurity startups cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia She previously was a tech reporter for Forbes Ukraine Her work has also been published at Sifted The Kyiv Independent and The Kyiv Postpp Copyright 2024 The Record from Recorded Future Newsp