FIX Google Chrome Zero Day Vulnerability

Google has released security updates to address the Chrome zero-day vulnerability CVE-2023-7024. This high-severity heap buffer overflow vulnerability could allow an attacker to execute arbitrary code on the affected system.

The Stable channel has been updated to 120.0.6099.129 for Mac and Linux and 120.0.6099.129/130 for Windows, which will roll out over the coming days/weeks. It is recommended to upgrade to Chrome version 120.0.6099.129/130 for Windows, macOS, and Linux to mitigate potential threats.

Google is aware that an exploit for CVE-2023-7024 exists in the wild. Access to bug details and links may be restricted until most users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed.

The Extended Stable channel has been updated to 120.0.6099.129 for Mac and 120.0.6099.130 for Windows, which will roll out over the coming days/weeks.

Google Chrome Zero Day Vulnerability

The high-severity zero-day vulnerability CVE-2023-7024 is due to a heap-based buffer overflow bug in WebRTC, the open-source framework used by Chromium-based browsers and by other browsers such as Mozilla Firefox and Safari to provide Real-Time Communications (RTC) capabilities via JavaScript APIs.

High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19

FIX Google Chrome Zero Day Vulnerability Fig.1

Update Google Chrome Browser with the latest Patch

The Google Chrome Stable channel has been updated to 120.0.6099.129 for Mac and Linux and 120.0.6099.129/130 for Windows, which will roll out over the coming days/weeks.

If automatic updates for Google Chrome are not blocked or managed by your organization, Google Chrome can update automatically when a new version of the browser is available on your device.

Normally, updates happen in the background when you close and reopen your computer's browser. But if you haven't closed your browser in a while, you might see a pending update. To update Google Chrome:

  • On your device, open Chrome. At the top right, click More.
  • Click Help and then About Google Chrome.
  • Click Update Google Chrome. You’re on the latest version if you can’t find this button.
FIX Google Chrome Zero Day Vulnerability Fig.2

The SCCM and Intune application model is the feature-rich option for updating Chrome in a large organization. If you are using SCCM or Intune to manage the devices in your enterprise, you should use the application model to update Google Chrome; see Patch Chrome With SCCM 3rd Party Software Update Feature.
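To confirm which managed machines still need the update, reported Chrome versions can be compared against the fixed build. The following is an added example, not part of the original post: the inventory rows and host names are constructed, and the 120.0.6099.129 floor is the Stable channel build named in this article.

```python
import re

# Lowest fixed Stable build per platform, as stated in this article.
FIXED = {
    "windows": (120, 0, 6099, 129),
    "mac": (120, 0, 6099, 129),
    "linux": (120, 0, 6099, 129),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from a bare version string or
    from `--version` style output such as 'Google Chrome 120.0.6099.109'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def triage(rows):
    """Return {host: status} where status is 'patched', 'needs_update'
    or 'unknown' (unparseable version or unlisted platform)."""
    result = {}
    for host, platform, raw in rows:
        version = parse_version(raw)
        floor = FIXED.get(platform.lower())
        if version is None or floor is None:
            result[host] = "unknown"
        # Tuple comparison is numeric per component, so .71 < .129
        # (a plain string comparison would get this wrong).
        elif version >= floor:
            result[host] = "patched"
        else:
            result[host] = "needs_update"
    return result


# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-001", "Windows", "120.0.6099.130"),
    ("ws-002", "Windows", "120.0.6099.71"),
    ("mac-01", "mac", "Google Chrome 120.0.6099.129"),
    ("lnx-01", "linux", "Google Chrome 119.0.6045.199"),
    ("kiosk7", "windows", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be checked by hand rather than assumed to be patched.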

A history of fixed Chromium security bugs is best found via security notes in Stable Channel updates on the Google Chrome releases blog. You can also find fixed, publicly visible Type=Bug-Security bugs in the issue tracker (note: security bugs automatically become publicly visible 14 weeks after they are fixed).

Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT industry. He writes and shares his experiences related to Microsoft device management technologies and IT infrastructure management. His primary focus is Windows 10/11 deployment solutions with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
