What is the Vulnerability?
A zero-day vulnerability in Google Chrome is actively exploited in the wild. The vulnerability is a Heap buffer overflow issue in the open-source WebRTC framework. Many other web browsers, such as Mozilla Firefox, Safari, and Microsoft Edge, also use the WebRTC framework to provide Real-Time Communications (RTC) capabilities. A successful exploitation of the vulnerability via a crafted HTML page could allow an attacker to execute arbitrary code on the affected system.
What is the Vendor Solution?
Google has released security updates to address this high-severity zero-day vulnerability (CVE-2023-7024) in Google Chrome. Chromium-based browsers such as Microsoft Edge are also affected by this vulnerability. Users of Google Chrome are advised to upgrade their browser to the latest version. [ Link ]
What FortiGuard Coverage is available?
FortiGuard Labs is investigating for possible protection where applicable.
FortiGuard Labs has an Endpoint Vulnerability signature for CVE-2023-4966 to detect devices that are running on a vulnerable software.
Meanwhile, users are encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.