Google has released an emergency security update, which fixes a new Chrome zero-day security vulnerability.
“Google is aware that an exploit for CVE-2023-4863 exists in the wild,”the company announced in a security advisory. This issue has been described as a case of heap buffer overflow that resides in the WebP image format.
To help you understand, heap buffer overflow occurs when a program tries to write more data to an allocated memory buffer than the buffer is actually designed to hold. In certain cases, this vulnerability might let an attacker perform arbitrary code execution, meaning they can run code of their choosing on the affected system.
Google credits Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto’s Munk School for discovering and reporting the flaw on September 6, 2023. However, the Mountain View company refrained from disclosing details on the bug. Google does not provide information on how attackers might have exploited the vulnerability.
Chrome users are strongly encouraged to update their web browsers to the latest version, 116.0.5845.187 for Mac and Linux, and 116.0.5845.187.188 for Windows. This update is essential as it addresses the CVE-2023-4863 vulnerability.
The new firmware is currently rolling out to users in the Stable and Extended stable channels, and it might reach every user in the coming days or weeks. The update was available for download when we checked for new updates on a Windows PC via the Chrome menu > Help > About Google Chrome.
The latest vulnerability comes after Google announced in August that it would be issuing weekly security updates for Stable Chrome users. The company has said that it will promptly address and release an unscheduled patch for Chrome if a security exploit is found to be actively exploited in the wild.