overview
A zero-day vulnerability (CVE-2023-3079) was found in Google’s Chrome web browser and is actively being exploited in the wild. According to the National Vulnerability Database (NIST), the vulnerability is high severity and is a type confusion flaw in the V8 JavaScript engine of Google Chrome prior to 114.0.5735.110. The flaw allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Although Google is aware of the zero-day, the tech giant has not disclosed any technical details surrounding the vulnerability due to them wanting to roll out updates to as many customers as possible before providing details. Type confusion vulnerabilities present substantial risks to organizations, as they can enable attackers to execute arbitrary code on targeted systems by exploiting flaws in the handling of memory objects.
Google has released a patch for CVE-2023-3079, and it is highly recommended that users check to see if the patch has been applied. Please remember that you need to restart your browser for the update to be effective. Restarting is crucial for those who have many tabs open, rarely closing their browser.
Google’s advisory stated the following:
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-3079. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.While Google Chrome is not widely used at an enterprise level, the browser could be used as an attack vector. Avertium is raising awareness among our customers to check for updates regarding this vulnerability before it's too late.
SUPPORTING DOCUMENTATION