Google Rushes to Patch Eighth Chrome Zero-Day This Year


Google released emergency fixes for a Chrome vulnerability that is being actively exploited on Wednesday. This year, there have been eight recorded zero-days.The problem, identified as CVE-2023-7024, is a high-severity heap buffer overflow bug that affects the WebRTC component of Chrome.

WebRTC (Web Real-Time Communication) is an open-source project that facilitates real-time communication over APIs and is supported by major browser manufacturers. Google has acknowledged that there is a live exploit for CVE-2023-7024, as stated in an advisory from the internet behemoth. Just one day before the updates were released, on December 19, a security flaw was discovered.The business has not released technical details about the flaw itself or information about the known attacks that take advantage of it.

Read More…