News on June 7, in a Chrome blog announcement on June 5, Google has confirmed that a zero-day vulnerability in its Chrome web browser is being actively exploited and issued an emergency security update in response. The desktop app has been updated to version 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows, all of which will be "rolling out in the coming days/weeks," Google says.
The bulletin said there were two security fixes included in the update, but only one was actually detailed: CVE-2023-3079. CVE-2023-3079 is a type confusion vulnerability in the V8 JavaScript engine and is the third zero-day vulnerability in Google Chrome in 2023. Type confusion vulnerabilities pose a significant risk, allowing attackers to exploit weaknesses in memory object handling to execute arbitrary code on the target machine. Users are strongly advised to update their browsers in time to mitigate potential risks.