The Google Chrome browser has recently been found to have a zero-day vulnerability CVE-2023-3079, which poses a major security risk. Google today announced the release of an emergency security update for Chrome, recommending that users update the browser version in time to reduce any potential risks.
(Recap:CertiK explosion: Microsoft Office has a zero-day vulnerability!Hack into Metamask, suggest to switch to cold wallet)
(background supplement:Google Researcher: North Korean Hackers Attack Cryptocurrencies, Media and Other Organizations Through “Chrome Zero-Day Vulnerability”)
divisionTechnology giant Google issued an announcement on the 6th, announcing the release of an emergency security update for Chrome, desktop applications have been updated to version 114.0.5735.106 for Mac and Linux, and version 114.0.5735.110 for Windows. released within.
Brave, a privacy browser based on the Chromium architecture, also issued an announcement saying that Brave’s desktop and Android versions have been updated to v1.52.122. The new version includes fixes for Chromium vulnerabilities. If Brave does not update automatically, users need to update it manually.
Today’s browser update (v1.52.122) for desktop and Android contains a fix for a Chromium vulnerability found to be exploited in the wild.
You may have received the automatic Brave update already. If not, you can update by visiting ‘About Brave’ from the browser’s ☰ menu.
— Brave Software (@brave) June 6, 2023
Introduction to the CVE-2023-3079 Vulnerability
The Chrome update covers 2 security fixes, but only one of them is actually detailed, namely CVE-2023-3079, according to the National Vulnerability Database of the National Institute of Standards and Technology (NIST). The CVE-2023-3079 vulnerability could allow a remote attacker to cause memory corruption by directing the user to a carefully crafted HTML webpage. The security severity is high.
Forbes reported that CVE-2023-3079 is a type confusion vulnerability in the V8 JavaScript engine. It was discovered by the Google Threat Analysis Team and is the third zero-day vulnerability discovered by Chrome in 2023. Vice President of Vulnerability and Threat Research at Action1 According to Mike Walters, the vulnerability has significant risks:
The type confusion vulnerability poses a significant risk, allowing an attacker to exploit a weakness in memory object handling to execute arbitrary code on a target machine.
Mike Walters explained that this is because objects in the V8 engine are “types assigned based on the underlying data type”, but due to flaws in the implementation of the type checking mechanism, malicious actors can trick the JavaScript engine into treating variables as different types than they actually are , with the net effect of making it possible for malicious actors to execute arbitrary code.
Therefore, Mike Walters strongly recommends that users update their browser versions in a timely manner to reduce any potential risks.
Chrome found to have 32 malicious extensions
Previously, information security company Avast just wrote an article warning that on the Chrome app store platform, the Avast team found 32 extensions implanted with malicious code, with a total installation volume of 75 million times, reminding users to be careful, otherwise there may be a Theft of funds, the risk of asset theft.
📍Related reports📍
Ethereum 2.0 Client Teku Urges Users to Urgently Install an Update Due to the Zero-Day Vulnerability
Compensate BTC to victimized customers!General Bytes, the largest Bitcoin ATM manufacturer: the hacking incident will not repeat itself
Pretending to be a spreadsheet Chrome plugin “Google Sheets”, the hacker took the opportunity to drop the package and transfer the target address!