Google has responded swiftly to yet another zero-day vulnerability in Chrome, marking the eighth emergency patch released this year. This vulnerability, identified as CVE-2023-7024, has been exploited in live environments, prompting immediate action from the tech giant.
Addressing this zero-day flaw, Google released a patch for users on the Stable Desktop channel. The updated versions have been globally deployed to Windows users (120.0.6099.129/130) and Mac and Linux users (120.0.6099.129) within a day of the issue being reported.
The discovery and report of this bug came from the diligent efforts of Clement Lecigne and Vlad Stolyarov from Google's Threat Analysis Group (TAG). This specialized group focuses on safeguarding Google customers against state-sponsored cyberattacks.
The vulnerability, classified as high severity, stems from a heap buffer overflow weakness in the open-source WebRTC framework. Notably, various web browsers, including Mozilla Firefox, Safari, and Microsoft Edge, rely on JavaScript APIs derived from WebRTC to facilitate real-time communications such as video streaming, file sharing, and VoIP telephony.
Google has taken precautionary measures by limiting access to specific bug details and links until the majority of users have received the fix. Concurrently, the company is introducing an "AI support assistant" chatbot on select Help pages to aid users with product-related queries and account issues, enhancing user support experiences across its platforms. This chatbot initiative is currently being rolled out on designated Google product support pages, offering users direct assistance and solutions.
(With Agency Inputs)
ALSO READ | Pixel 8 Pro Now Powered by Google's AI Model 'Gemini Nano'
