San Francisco: Google has issued a security update for the Chrome web browser to address the third zero-day vulnerability exploited by hackers this year.
“Google is aware that an exploit for CVE-2023-3079 exists in the wild,” Google said in a blogpost.
The company has not released details about the exploit and how it was used in attacks, instead focusing on the severity and type of flaw.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” the company said.
Type confusion bugs occur when an object’s type is misinterpreted by the engine during runtime, potentially leading to malicious memory manipulation and arbitrary code execution.
In March, Google security teams discovered 18 zero-day vulnerabilities in Samsung Exynos chips used in several top Android smartphones and wearables that may put those devices at risk.
Google’s Project Zero head Tim Willis said in a blog post that the four most severe of these vulnerabilities “allowed for Internet-to-baseband remote code execution.”