Google
on
Monday
released
security
updates
to
patch
a
high-severity
flaw
in
its
Chrome
web
browser
that
it
said
is
being
actively
exploited
in
the
wild.
Tracked
as
CVE-2023-3079,
the
vulnerability
has
been
described
as
a
type
confusion
bug
in
the
V8
JavaScript
engine.
Clement
Lecigne
of
Google’s
Threat
Analysis
Group
(TAG)
has
been
credited
with
reporting
the
issue
on
June
1,
2023.
“Type
confusion
in
V8
in
Google
Chrome
prior
to
114.0.5735.110
allowed
a
remote
attacker
to
potentially
exploit
heap
corruption
via
a
crafted
HTML
page,”
according
to
the
NIST’s
National
Vulnerability
Database
(NVD).
The
tech
giant,
as
is
typically
the
case,
did
not
disclose
details
of
the
nature
of
the
attacks,
but
noted
it’s “aware
that
an
exploit
for
CVE-2023-3079
exists
in
the
wild.”
With
the
latest
development,
Google
has
addressed
a
total
of
three
actively
exploited
zero-days
in
Chrome
since
the
start
of
the
year
–
Users
are
recommended
to
upgrade
to
version
114.0.5735.110
for
Windows
and
114.0.5735.106
for
macOS
and
Linux
to
mitigate
potential
threats.
Users
of
Chromium-based
browsers
such
as
Microsoft
Edge,
Brave,
Opera,
and
Vivaldi
are
also
advised
to
apply
the
fixes
as
and
when
they
become
available.
