Get in Touch
Indiscriminate, opportunistic targeting.
Google has disclosed the fourth Chrome zero-day vulnerability of the year, in which an emergency security update has been released. The security flaw, tracked as CVE-2023-4863 has been subjected to active exploitation since the start of 2023 and is caused by a WebP heap buffer overflow condition.
Successful exploitation of CVE-2023-4863 could allow a threat actor to crash the target system and gain arbitrary code execution capabilities. In such instances, it is highly likely that these conditions will result in the loss of target device function as well as the compromise of sensitive data.
Google has released a security update with regards to the product versions affected by the security flaw. As such, previous versions are vulnerable to potential exploitation.
Containment, Mitigations & Remediations
It is strongly recommended that Google Chrome users update their web browser to the following versions as soon as possible:
- Version 116.0.5845.187 for Mac and Linux
- Version 116.0.5845.187/.188 for Windows.
The updates mentioned above can be applied manually by following the steps outlined below:
- Navigate to the Google Chrome menu
- Select the “Help” option
- Select “About Google Chrome”.
It should be noted that the Chrome browser will automatically install the update without requiring user interaction after a restart.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Google Chrome occupies a significant portion of the browser market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Google Chrome has become a prime target. Due to the fact that the Chrome browser has become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities contained within the product in an attempt to extract the sensitive data contained therein.
Google has confirmed that CVE-2023-4863 has been actively exploited in the wild. However, at the time of writing, further details have not been disclosed. Google further stated that the technical details may be restricted until the majority of Chrome users apply the update and that these restrictions will remain if the vulnerability is present in a third-party library. As such, Chrome users can update their browsers to mitigate against attack efforts prior to the release of technical details, meaning that is likely that threat actors will create their own exploits and deploy them in attack campaigns.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution