It is once again time to update Chrome—even if you don’t use Chrome, it still might be time to update your browser. Depending on how you surf the web, you might be at risk from a new zero-day vulnerability.
What’s going on with the latest Google Chrome update?
The latest update for Google Chrome—version 120.0.6099.129 for Mac and Linux, and versions 120.0.6099.129/130 for Windows—patches just one security flaw, but that doesn’t mean you should ignore it. The flaw, tracked as CVE-2023-7024, is a heap buffer overflow in WebRTC, a platform that adds communication features like video and audio without the need for plugins. When this type of flaw occurs, bad actors can exploit it to gain arbitrary code execution: In other words, they can take over the system. Bad news.
When a flaw like this is discovered, it’s always important for developers to patch it as soon as possible. However, CVE-2023-7024 is essential to patch immediately, as it is a zero-day vulnerability. That means bad actors know about the flaw and have exploited it already. Google confirmed as much in its blog post, saying they are aware an exploit for this flaw exists in the wild.
Zero-day flaws like CVE-2023-7024 mean that anyone running the version of software before the patch are vulnerable to the exploit. It’s not clear how many times this flaw has been exploited, or how wide-spread the situation is, but it is imperative to update your browser as soon as possible.
As this flaw affects Chrome, it affects Chromium, the platform Chrome is built on. That means any browser that uses Chromium, including Microsoft Edge, Brave, and Opera, all too must update as soon as possible to protect against this zero-day.
How to update Google Chrome to patch this zero-day flaw
To update Chrome yourself, click the three-dot menu in the top-right corner of your window, then choose Help > About Google Chrome. Allow Chrome to look for a new update. When it does, follow the on-screen instructions to install the update and relaunch the browser.
Leave a Reply
You must be logged in to post a comment.