Google patches RCE bug
Google has uncovered a critical Remote Code Execution (RCE) vulnerability in Chrome that could allow attackers to take control of affected systems.
Users who are concerned about cyber attackers installing malware on their systems will be relieved by the update, which addresses a remote code execution (RCE) bug. The RCE bug, which was discovered recently, could allow hackers to gain access to users’ devices by luring them to click on malicious websites. Six other high-severity bugs are also addressed in the security update, one of which has left Chrome vulnerable for nearly a year.
Google issued a security update to address the vulnerability, and users are encouraged to update their Chrome browser as soon as possible. The vulnerability is rated critical because attackers can exploit it remotely without requiring user interaction.
Because the patch is compatible with Windows, macOS, and Linux, the vast majority of Chrome’s 2.65 billion users can rest easy. Google nonetheless advises users to install the update as soon as possible to protect themselves from potential exploits targeting these vulnerabilities.
The updates will be pushed to Windows, macOS, and Linux desktops, which account for nearly 2.65 billion Chrome users. The “stable channel desktop updates” include Mac and Linux versions 110.0.5481.177 and Windows versions 110.0.5481.177/.178. According to Daniel Yip, technical program manager at Google, updates will be released in the coming days and weeks.
Google has issued a patch to address the vulnerability, and users are advised to update their Chrome browser as soon as possible to avoid being targeted. The patch was included in the Chrome 88.0.4324.150 stable channel update, along with several other security fixes.
These fixes include an 11-month-old high-severity use-after-free flaw in Google Chrome SwiftShader (CVE-2023-0928); a flaw (CVE-2023-0929) impacting the Chrome video acceleration component Vulkan; two video buffer overflow bugs (CVE-2023-0930 and CVE-2023-0931); and a WebRTC flaw (CVE-2023-0932). The update also includes ten security fixes, with Google publicly paying bug bounty researchers a total of over $78,000. The largest bug bounty payout, $31,000, went to researcher Rong Jian of VRI for a Google Chrome Web Payment APIs bug (CVE-2023-0927).
The sources for this piece include an article in SCMagazine.