Google has issued an urgent security update for its widely used Chrome browser. The update responds to the discovery of a vulnerability, identified as CVE-2023-4863, which poses a significant threat to users.
The CVE-2023-4863 vulnerability, classified as a heap buffer overflow, has the potential to be exploited with relative ease, raising serious security concerns. Alarmingly, Google has confirmed that this vulnerability has already been exploited in real-world attacks.
What makes this situation even more alarming is that the vulnerability affects Chrome builds across all supported operating systems, including Mac, Linux, and Windows. Users across the board are urged to apply the patch immediately to safeguard their online security.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
The bug was reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at the University of Toronto’s Munk School on 6 September.
The Citizen Lab also recently uncovered two zero-day vulnerabilities within Apple’s systems. These vulnerabilities, known as CVE-2023-41064 and CVE-2023-41061, were exploited in the wild, putting iPhone and Mac users at risk.
In response to these security threats, both Google and Apple have acted swiftly to protect their users. They have released security updates aimed at mitigating the risks associated with these zero-day vulnerabilities. Apple has even acknowledged that there are reports of active exploitation of these flaws, underscoring the urgency of addressing the issue.
Last month, Google changed the Chrome security update schedule from bi-weekly to weekly to address the growing patch gap problem, which allows threat actors extra time to exploit published n-day and zero-day flaws.

