Google this week is rolling out new versions of Chrome solely to address a critical security flaw said to be exploited by hackers in the wild.
Chrome users on Windows, Mac and Linux are offered an emergency update intended solely to address a bug tracked as CVE-2023-4863 and labeled Critical by the web giant.
“Google is aware that an exploit for CVE-2023-4863 exists in the wild,” the advisory notes.
The bug in question, essentially a heap buffer overflow in WebP, can be exploited to compromise the target system (likely from afar), though Google stops short of listing the technicalities of the flaw.
This is expected, as Google doesn’t want to give away details that might enable bad actors to take advantage of the flaw.
The flaw in question was reported by Apple’s Security Engineering and Architecture (SEAR) team, alongside The Citizen Lab at The University of Toronto’s Munk School.
The same Citizen Lab – renowned for their crusade against mercenary spyware – last week sounded the alarm about a new wave of Pegasus attacks exploiting zero-day flaws in Apple software. It is unclear if this week’s Chrome emergency update is in any way related to the spyware threat highlighted by The Citizen Lab last week, but it’s at least a noteworthy coincidence.
Bitdefender recommends users always install the new versions of Chrome as they become available, to ensure that the latest security fixes are applied.
Home users should also consider deploying a dedicated security solution on their devices, to fend off the wide array of threats now targeting Windows, Macs, iOS and Android devices.