Google has rolled out a crucial update to its Chrome web browser. The security patch released on Monday is meant to address a critical security flaw. As such, all Chrome users are urged to immediately update their web browser.
The security flaw is tracked as CVE-2023-4863 and is reported to be a heap buffer overflow. Ordinarily, a heap buffer overflow is associated with program crashes. In other instances, it can put a program into a constant loop. Essentially, the attack makes a program unavailable to users.
Similar to an Apple security flaw reported last week, this flaw was detected by the Citizen Lab. This is a civil organization that does research on cybersecurity threats. The group reported the flaw on the 6th of September 2023.
This was another zero-day vulnerability discovered by the group after the Apple discovery. A zero-day vulnerability is an undiscovered flaw in an application or operating system, a gap in security for which there is no defense or patch because the software maker does not know it exists. In short, the organization has had “zero days” to prepare an effective response.
Additionally, it is the fourth zero-day vulnerability Google has had to patch on Chrome this year.
Google Chrome Update Available for macOS/Windows
CVE-2023-4863 depends on image processing. If a maliciously crafted image is processed, the flaw could start the execution of code that causes a buffer overflow in the Image I/O component. As stated earlier, this causes program crashes or puts the program in an endless loop.
All Chrome users are urged to upgrade immediately. Windows users should upgrade to Chrome version 116.0.5845.187/.188. macOS users should upgrade to version 116.0.5845.187.
Furthermore, users of Brave, Edge, and Vivaldi should also upgrade to newer browser versions. Brave released an update on the 12th of September.
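For administrators checking many machines, the following added example (not part of the original article) audits a software inventory against the fixed Chrome builds listed above. The inventory layout, hostnames and function names are assumptions made for illustration; platforms and browsers for which the article gives no fixed version are reported as unknown rather than guessed.

```python
import re

# Minimum fixed Chrome builds, taken from the article above.
FIXED = {
    "windows": (116, 0, 5845, 187),
    "macos": (116, 0, 5845, 187),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a four-part version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Classify one inventory row as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # platform not covered by the article, or unparseable version
    # Compare numerically, field by field; as strings "96" would sort after "187".
    return "patched" if version >= fixed else "vulnerable"


def audit(rows):
    """Map hostname -> status for an iterable of (host, platform, version) rows."""
    return {host: classify(platform, version) for host, platform, version in rows}


# Constructed sample inventory (hostnames and rows are made up for illustration).
SAMPLE = [
    ("ws-01", "Windows", "116.0.5845.188"),
    ("ws-02", "Windows", "116.0.5845.96"),
    ("mac-01", "macOS", "116.0.5845.187"),
    ("mac-02", "macOS", "115.0.5790.170"),
    ("lin-01", "Linux", "116.0.5845.187"),
    ("ws-03", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual check against the vendor's own release notes.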