
Urgent Security Alert: Update Your Chrome Browser Immediately to Patch Actively Exploited Flaw
A high-severity vulnerability in Google Chrome and other Chromium-based browsers is being actively exploited by attackers, prompting a critical warning from federal cybersecurity officials. If you use browsers like Google Chrome, Microsoft Edge, Brave, or Opera, taking immediate action to update your software is essential to protect your system from compromise.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added the flaw, tracked as CVE-2023-7024, to its Known Exploited Vulnerabilities (KEV) catalog. Inclusion in this catalog is significant because it confirms that this is not just a theoretical risk: malicious actors are currently using this exploit in real-world attacks.
Understanding the CVE-2023-7024 Vulnerability
At its core, CVE-2023-7024 is a heap-based buffer overflow vulnerability located within WebRTC, an open-source component that enables real-time communication features like video conferencing, voice calls, and file sharing directly within web browsers.
Because WebRTC is a fundamental part of modern web browsing, a flaw within it presents a massive attack surface. By exploiting this buffer overflow, a successful attacker could potentially crash the application or, more dangerously, execute arbitrary code on a victim’s machine. This could lead to a full system takeover, data theft, or the installation of malware like spyware or ransomware.
The vulnerability was discovered and reported by Google’s own Threat Analysis Group, indicating the serious nature of the threat.
Who is at Risk?
This vulnerability affects the open-source Chromium code that powers many of the world’s most popular web browsers. While Google Chrome is the most prominent, you are also at risk if you use:
- Microsoft Edge
- Brave Browser
- Opera
- Vivaldi
- Any other browser built on the Chromium platform.
Due to the active exploitation confirmed by CISA, all users of these browsers on Windows, macOS, and Linux are strongly encouraged to verify they are running a patched version immediately.
How to Protect Yourself: Update Your Browser Now
Protecting yourself from this threat is straightforward but requires immediate action. Browser developers have already released security patches to fix the flaw. Make sure the update has actually been applied, not just downloaded.
For Google Chrome Users:
- Click the three vertical dots in the top-right corner of your browser.
- Navigate to Help > About Google Chrome.
- This page will automatically check for updates. If an update is available, it will begin downloading.
- After the download is complete, you must relaunch your browser to apply the patch.
- Confirm that your version is 120.0.6099.129/.130 or higher for Windows or 120.0.6099.129 or higher for macOS and Linux.
For Users of Other Chromium-Based Browsers:
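The process is very similar for browsers like Edge, Brave, and Opera. Find the “About” section in your browser’s settings menu to trigger an update check and apply the latest security patch. These browsers use their own version numbering, so the Chrome build numbers above do not apply to them directly; rely on each vendor’s update check.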
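For checking many machines at once against the Google Chrome build number given above, the following is an added example, not code from the article or from any vendor. It assumes version strings shaped like "Google Chrome 120.0.6099.129"; the host names and inventory are constructed.

```python
import re

# Fixed Google Chrome build stated in the article (Windows also shipped .130).
CHROME_FIXED = (120, 0, 6099, 129)

# Matches the "<product name> <a.b.c.d>" shape of a browser version string.
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+(?:\.\d+){3})\b")

def parse_version(text):
    """Return (product, (major, minor, build, patch)) or None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return m.group("product"), tuple(int(p) for p in m.group("ver").split("."))

def classify(text):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    product, version = parsed
    # The article gives a fixed build only for Google Chrome. Other Chromium
    # browsers use their own build numbers, so they are not compared here.
    if product != "Google Chrome":
        return "unknown"
    # Compare as integer tuples: compared as strings, "99" sorts above "129".
    return "patched" if version >= CHROME_FIXED else "vulnerable"

def audit(inventory):
    """Map host -> status for a {host: version_string} inventory."""
    return {host: classify(v) for host, v in inventory.items()}

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = {
    "win-01": "Google Chrome 120.0.6099.130",
    "mac-02": "Google Chrome 120.0.6099.129",
    "lin-03": "Google Chrome 120.0.6099.99",
    "win-04": "Google Chrome 119.0.6045.200",
    "win-05": "Microsoft Edge 120.0.2210.61",
    "lin-06": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check through the browser's own About page, since no fixed build for those products appears in this article.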
In today’s threat landscape, maintaining software updates is one of the most effective security measures you can take. Enabling automatic updates is highly recommended to ensure you are protected against both current and future vulnerabilities as soon as patches become available. Don’t delay—check your browser version and secure your system today.
Source: https://securityaffairs.com/182509/security/u-s-cisa-adds-google-chromium-flaw-to-its-known-exploited-vulnerabilities-catalog.html