Google just released a patch for their Chrome browser, a Type Confusion flaw which is being actively exploited in the wild.

If you are using the Chrome browser, be sure to update as soon as possible: 114.0.5735.110 for Windows and 114.0.5735.106 for Mac.

Since Microsoft uses the same engine for Edge, it, too, has the flaw. Microsoft is aware of the issue and is actively working on releasing a patch.

This is Google’s third zero-day for the year.

CVE-2023-3079

Source: Google, Microsoft, Nakedsecurity

Definitions

zero-day- A software security flaw that is unknown to the software vendor and for which there is no patch or fix available. Attackers can exploit zero-day vulnerabilities to gain unauthorized access to systems or data, and to carry out other malicious activities.

type confusion bug - A bug that occurs when code assumes a variable is of a certain type, but at runtime it is actually of a different type. This can lead to unexpected behavior, such as crashes or security vulnerabilities, as the code tries to use the variable in ways that are not appropriate for its actual type.

Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.