Google Chrome Zero-Day being Actively Exploited - Patch Now!

By

Access Point Consulting

Summary

Google released an advisory on December 20th detailing a new Stable Channel update for Desktop. In this release, a vulnerability known as CVE-2023-7024 was patched. It was reported that an exploit for this vulnerability exists in the wild. Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group were responsible for discovering and reporting on this zero-day vulnerability. Not much information is available at this time for CVE-2023-7024, but it is described as a heap buffer overflow in WebRTC.

Impact Assessment

This vulnerability impacts Google Chrome for Windows, Mac, and Linux in versions earlier than 120.0.6099.129/130. Exactly what is impacted by this zero-day vulnerability is unknown, but heap buffer overflow vulnerabilities share some common effects. They can cause a denial of service through crashing, exiting, or restarting, or through resource consumption. They can also allow an attacker to execute unauthorized code or commands, bypass protection mechanisms, and modify memory.

Any applications that utilize WebRTC are also expected to be affected, so stay informed about applications used for video chats, meetings, or video calling, as they may be vulnerable as well.

What it means for you

Applying updates to your Google Chrome browser and monitoring news and releases from other organizations, such as NVD, for more information are of paramount importance. The impact of this vulnerability could be much larger than just Google Chrome, so stay informed.

Remediation

Updating Chrome to the latest version, 120.0.6099.129/130, will remediate this vulnerability.
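To confirm the update has actually landed across a fleet, reported Chrome versions can be compared numerically against the fixed build. The script below is an added example, not part of the original advisory; the host names, the inventory format and the sample version strings are constructed, and it assumes 120.0.6099.129 as the lowest patched build on every platform.

```python
import re

# Fixed build named in the advisory (Windows also received .130).
PATCHED = (120, 0, 6099, 129)

# Chrome versions have four dot-separated numeric parts.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so .13 sorts below .129
    # (a plain string comparison would get this wrong).
    return "patched" if version >= PATCHED else "vulnerable"


def triage(inventory):
    """Group (host, version_text) pairs by status; unknowns are kept for manual review."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("win-laptop-01", "Google Chrome 120.0.6099.130"),
    ("mac-desk-02", "Google Chrome 120.0.6099.129"),
    ("lin-build-03", "Google Chrome 120.0.6099.109 "),
    ("win-kiosk-04", "119.0.6045.200"),
    ("lin-dev-05", "Google Chrome 121.0.6167.85"),
    ("win-vdi-06", "120.0.6099.13"),
    ("mac-lab-07", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

This only covers Chrome itself; other applications that bundle WebRTC carry their own version numbers and need their vendors' fixed builds.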

Business Implications

Exploitation of this vulnerability could cause denial of service and execution of arbitrary code or commands. The resulting impact on the business depends on the threat actor exploiting it and what protections are in place. However, monetary loss, data loss/exfiltration, lateral movement within the organization, installation of malware, and lack of access to systems could result from exploitation.

Access Point Technology Recommends

Patch: We are recommending patching your browser as soon as possible to remediate this actively exploited zero-day vulnerability.

Stay informed: Monitor news outlets and vulnerability information sources to know when patches are made available for other software that may be impacted by this vulnerability.

Associated Bulletins

https://chromereleases.googleblog.com/

https://cwe.mitre.org/data/definitions/122.html
