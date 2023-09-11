都市生活

Byヴィッキー・スタヴロプロー

11月2023日、XNUMX年
Google、Chromeのゼロデイ脆弱性に対する緊急セキュリティアップデートをリリース

Google has released emergency security updates to address a zero-day vulnerability in its Chrome web browser. This is the fourth zero-day vulnerability that has been exploited in attacks since the beginning of the year. The vulnerability, identified as CVE-2023-4863, has been actively exploited in the wild. Google has urged Chrome users to upgrade their browsers to the latest version as soon as possible.

The vulnerability, a WebP heap buffer overflow weakness, has the potential to cause crashes and facilitate arbitrary code execution. It was initially reported by Apple SEAR and The Citizen Lab at The University of Toronto’s Munk School. The Citizen Lab has previously uncovered zero-day bugs used in targeted spyware attacks by government-backed threat actors against high-risk individuals, such as opposition politicians, journalists, and dissidents.

While Google has confirmed that the vulnerability has been exploited, the company has not provided specific details about the attacks. It is likely that access to bug details and links will be restricted until a majority of users have updated their browsers with the fix. This is to prevent threat actors from creating their own exploits based on the information.

Chrome users can update their browsers through the Chrome menu or by restarting their devices. Automatic updates will also be installed without user interaction after a restart. By promptly updating their browsers, users can protect themselves from potential attacks before further technical details are released.

In conclusion, Google has taken swift action to address the latest zero-day vulnerability in Chrome. Users are urged to upgrade their browsers to the latest version to mitigate the risk of exploitation. By doing so, they can safeguard their systems and data from potential attacks.

ソース：
– Google Security Advisory
– Apple Security Engineering and Architecture (SEAR)
– トロント大学マンクスクールのシチズンラボ

By ヴィッキー・スタヴロプロー

