Google released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Google has given CVE-2023-3079 a high severity rating. The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group. Google is aware of the active exploitation of the vulnerability.
The advisory provides no information regarding the other vulnerability patched with the latest update.
CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 28th June 2023.
Google Chrome versions prior to 114.0.5735.106 and 114.0.5735.110 are affected by this vulnerability.
Customers are requested to upgrade to the latest stable channel version, 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows. For more information, please refer to the Google Chrome security page.
Microsoft has released the Microsoft Edge Stable Channel Version 114.0.1823.41 to address CVE-2023-3079, which the Chromium team has reported as being exploited in the wild.
Qualys customers can scan their devices with QIDs 378549 and 378557 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.