Google Fixes Chrome Zero-Day Exploited In The Wild

Giulio Saggin
Giulio Saggin
Thursday 21 December 2023
Google Fixes Chrome Zero-Day Exploited In The Wild
Photo: Benjamin Dada / Unsplash

It's time to update your Chrome, after Google announced it "is aware that an exploit for CVE-2023-7024 exists in the wild."

This zero-day, the eighth patched since the start of the year, is described as a heap-based buffer overflow bug in the WebRTC framework, which is used by several web browsers, including Safari, Microsoft Edge, and Mozilla Firefox, to deliver Real-Time Communications (RTC) capabilities such as file sharing, video streaming, and VoIP telephony through JavaScript APIs.

Google recommends users to upgrade their Chrome browsers to version 120.0.6099.129 for macOS and Linux, as well as 120.0.6099.129/130 for Windows. Anyone using Chromium-based browsers, such as Microsoft Edge, Vivaldi, Opera and Brave, are advised to apply fixes from their respective vendors.

The bug was discovered by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG) which, among other things, detects hacking attempts in order to protect users from attacks and uncovers zero-days exploited by government-sponsored threat actors.

Full details can be found HERE.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203