CVE-2023-7024: New Zero-Day Vulnerability in Google Chrome

The world’s most popular web browser, Chrome, continues to be a target for attackers, and Google has scrambled to patch a critical security vulnerability that is being actively exploited. This “zero-day” bug, dubbed CVE-2023-7024, lurks within the WebRTC framework, the engine behind real-time features like video conferencing and online gaming. The stakes are high: if exploited, this vulnerability could allow attackers to plant spyware on your device, silently monitoring your every move and potentially stealing sensitive information.

“Google is aware that an exploit for CVE-2023-7024 exists in the wild,” the company wrote in a security advisory.


This isn’t just a Chrome problem. This bug resides in the WebRTC framework, a common building block used by browsers like Firefox, Safari, and even Microsoft Edge, potentially exposing millions of users.

Google’s Threat Analysis Group (TAG), a crack team of cybersecurity ninjas, discovered the bug and suspects it’s already being exploited by government-backed hackers. These digital spies target high-profile individuals like activists, journalists, and even you.

The vulnerability stems from a “heap buffer overflow,” a memory-corruption flaw in which a program writes data past the end of a buffer allocated on the heap, which can allow attackers to inject malicious code. This code can then exploit WebRTC, which handles things like video calls and online file sharing, to spy on your activity and potentially even take control of your device.

Google has released emergency updates to seal this browser breach. Chrome users, head to “Settings” and click “About Chrome” to grab the latest version (120.0.6099.129 for macOS and Linux, 120.0.6099.129/130 for Windows). Users of other browsers, keep your eyes peeled for similar updates coming soon.
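For administrators who need to check many machines rather than one, here is a fleet audit against the fixed builds named above. It is an added example, not part of the original article or Google's advisory. It assumes an inventory of (host, platform, version string) rows, where the version string looks like the output of `google-chrome --version`; the host names and sample versions are constructed.

```python
import re

# First patched Chrome build per platform, as stated in the article.
FIXED = {
    "linux": (120, 0, 6099, 129),
    "macos": (120, 0, 6099, 129),
    "windows": (120, 0, 6099, 129),  # article lists .129/.130 for Windows
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from e.g. 'Google Chrome 120.0.6099.109'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'needs-update' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never treat unparseable or unlisted data as safe
    # Tuples compare element by element, so 120.0.6099.130 > 120.0.6099.129.
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host to its status; rows are (host, platform, version_text)."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 120.0.6099.130"),
    ("ws-02", "windows", "Google Chrome 120.0.6099.110"),
    ("mac-07", "macos", "Google Chrome 120.0.6099.129"),
    ("lnx-03", "linux", "Google Chrome 119.0.6045.199 "),
    ("lnx-04", "linux", "chrome: command not found"),
    ("kiosk-1", "chromeos", "120.0.6099.200"),  # platform not covered by the article
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check. Other browsers that embed WebRTC use their own version numbering, so this comparison applies to Chrome only.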