CVE-2023-3079 is a type confusion bug in V8.
On Monday, Google released a security patch for a critical vulnerability in the Chrome web browser, which it said had already been exploited in attacks.
CVE-2023-3079 in Chrome: What Is Known?
Google is aware that an exploit for CVE-2023-3079 in its Chrome browser is being used in the wild. The tech giant has therefore released updates to bolster Chrome’s defenses and mitigate potential threats.
Tracked as CVE-2023-3079, the issue is a type confusion bug in V8, Chrome’s JavaScript engine. It was first spotted by Clement Lecigne of Google’s Threat Analysis Group on June 1, 2023. According to NIST’s National Vulnerability Database, the type confusion could have allowed a remote attacker to exploit heap corruption through a crafted HTML page.
While the nature of the exploit was not disclosed, this fix brings the total number of actively exploited zero-days the company has addressed in Chrome since the start of the year to three. The other two are CVE-2023-2033, a type confusion in V8 (CVSS score: 8.8), and CVE-2023-2136, an integer overflow in Skia (CVSS score: 9.6).
If you use the Chrome web browser, upgrade to version 114.0.5735.110 for Windows and 114.0.5735.106 for macOS and Linux. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they become available.
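To check a fleet against the fixed builds above, the following added example (not from the article or from Google) triages a browser inventory per platform. The inventory layout, host names and status labels are assumptions, and the sample rows are constructed.

```python
# Fixed Chrome builds as stated in the article, keyed by platform.
FIXED = {
    "windows": (114, 0, 5735, 110),
    "macos": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
}
# Chromium-based browsers named in the article; it gives no fixed versions for them.
CHROMIUM_BASED = {"edge", "brave", "opera", "vivaldi"}

def parse_version(text):
    """Turn '114.0.5735.90' into (114, 0, 5735, 90); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(platform, browser, version):
    """Classify one install: 'patched', 'vulnerable', 'check-vendor' or 'unknown'."""
    platform, browser = platform.lower(), browser.lower()
    if browser in CHROMIUM_BASED:
        return "check-vendor"  # fix depends on the vendor's own release
    if browser != "chrome" or platform not in FIXED:
        return "unknown"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # truncated or non-numeric version string
    # Tuple comparison is numeric per component, so .90 < .106
    # (a plain string comparison would get this wrong).
    return "patched" if parsed >= FIXED[platform] else "vulnerable"

def triage(inventory):
    """Group host names by status so unpatched hosts can be prioritised."""
    report = {}
    for host, platform, browser, version in inventory:
        report.setdefault(assess(platform, browser, version), []).append(host)
    return report

# Constructed sample inventory: (host, platform, browser, version)
INVENTORY = [
    ("ws-001", "windows", "chrome", "114.0.5735.110"),
    ("ws-002", "windows", "chrome", "114.0.5735.106"),  # fixed on macOS/Linux only
    ("mac-001", "macos", "chrome", "114.0.5735.106"),
    ("lnx-001", "linux", "chrome", "114.0.5735.90"),
    ("ws-003", "windows", "edge", "114.0.0.0"),  # constructed version
    ("lnx-002", "linux", "chrome", "114.0.5735"),  # malformed on purpose
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Note that build 114.0.5735.106 counts as patched on macOS and Linux but not on Windows, where the fixed build is 114.0.5735.110.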