Google Chrome has a vulnerability of the most dangerous kind, so you’ll want to check that your browser is updated to the latest version, which carries the fix.
The worst kind of vulnerability is one that’s known about, and Google has confirmed that this particular hole in Chrome has already been exploited. So not only is it known to malicious actors, but it’s also being actively leveraged against Chrome users, which is obviously bad news.
The problem in this case, as outlined by Google, is a heap buffer overflow in WebRTC. (As the name suggests, this is an issue where an attacker causes more data to be written to an area of memory than it can hold, so it overflows, opening up an avenue for exploitation.)
This is known as vulnerability CVE-2023-7024, and Google acknowledges that an exploit for it exists out there.
Heap and stack overflows are some of the more common attack vectors around, and indeed this is far from the first heap overflow gremlin that has troubled Google’s web browser.
How to fix this security flaw
Fortunately, there’s no need to panic – all you have to do to protect yourself from this attack is open Chrome’s Settings page (from the three-dot menu, top-right of the browser). From there, look at the left-side panel, and click on ‘About Chrome’ at the bottom of the list.
Just opening this page will automatically check for updates and apply an upgrade if one is needed. To be protected against this exploit, on a Windows PC you should be on Chrome version 120.0.6099.130 or 120.0.6099.129; on Mac or Linux, the version you’ll want to be running is 120.0.6099.129.
When we checked, we were still running version 120.0.6099.110, and our Chrome browser hadn’t updated itself yet. So, it’s well worth checking now, and getting this sorted before there’s any chance of your PC being compromised.
Don’t forget that after Chrome has updated itself, you’ll need to close the browser (all instances of it), and reopen it to apply the upgrade – then everything’s sorted and you’re good to go.
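If you look after more than one machine, the same check can be scripted. The following is an added example, not code from Google or the original article: it compares version strings (as shown on the About Chrome page) against the fixed builds quoted above. The host names and sample inventory are constructed, and treating any newer build as fixed is an assumption.

```python
import re

# Lowest fixed build per platform, taken from the versions quoted in the article
# (Windows: 120.0.6099.130 or .129; Mac and Linux: 120.0.6099.129).
# Assumption: any build numerically newer than these also carries the fix.
FIXED_BUILD = {
    "windows": (120, 0, 6099, 129),
    "mac": (120, 0, 6099, 129),
    "linux": (120, 0, 6099, 129),
}

# Chrome versions are four dot-separated integers.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first Chrome-style version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(platform, version_text):
    """True if the reported version is older than the fixed build, or unreadable."""
    fixed = FIXED_BUILD.get(platform.lower())
    if fixed is None:
        raise ValueError(f"no fixed build recorded for platform {platform!r}")
    found = parse_version(version_text)
    if found is None:
        return True  # fail closed: an unreadable version needs a manual check
    # Tuples compare number by number, so 99 < 129 (a plain string
    # comparison would wrongly rank "99" above "129").
    return found < fixed


def audit(inventory):
    """Return the hosts from (host, platform, version_text) rows that need updating."""
    return [host for host, platform, text in inventory if needs_update(platform, text)]


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("desk-01", "windows", "Version 120.0.6099.110 (Official Build) (64-bit)"),
    ("desk-02", "windows", "Version 120.0.6099.130 (Official Build) (64-bit)"),
    ("mac-01", "mac", "Version 120.0.6099.129 (Official Build) (arm64)"),
    ("lnx-01", "linux", "Google Chrome 120.0.6099.99"),
    ("lnx-02", "linux", "version not reported"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome, then close and reopen the browser")
```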
Via Ghacks