New Chrome zero-day
Yesterday, Google addressed another zero-day vulnerability affecting Google Chrome. The Flashpoint Intel Team quickly published an alert to VulnDB customers and has been closely tracking the vulnerability since.
This is the third zero-day vulnerability reported in the popular browser so far this year. Exploitation of the vulnerability was noticed by Google’s own Threat Analysis Group (TAG), but details about active exploitation are currently limited.
Interestingly, none of the three zero-day vulnerabilities reported in Google Chrome this year has been within the core browser; all were in libraries that it relies upon. One of the two previously reported zero-days, CVE-2023-2033, also affected V8, while the other, CVE-2023-2136, was reported in the Skia 2D graphics library.
Google Chrome fixes are available in version 114.0.5735.106 for Mac and Linux and version 114.0.5735.110 for Windows. According to Google’s advisory, these will “roll out over the coming days/weeks.”
Flashpoint continues to monitor both vulnerabilities, and our VulnDB entries are updated with more information as it becomes available.