Google Chrome WebRTC Heap buffer overflow (CVE-2023-7024)

Fortiguard Security Advisory

What is the Vulnerability?

A zero-day vulnerability in Google Chrome is being actively exploited in the wild. The vulnerability is a heap buffer overflow in the open-source WebRTC framework. Many other web browsers, such as Mozilla Firefox, Safari, and Microsoft Edge, also use the WebRTC framework to provide Real-Time Communications (RTC) capabilities. Successful exploitation of the vulnerability via a crafted HTML page could allow an attacker to execute arbitrary code on the affected system.

What is the Vendor Solution?

Google has released security updates to address this high-severity zero-day vulnerability (CVE-2023-7024) in Google Chrome. Chromium-based browsers such as Microsoft Edge are also affected by this vulnerability. Users of Google Chrome are advised to upgrade their browser to the latest version.

What FortiGuard Coverage is available?

FortiGuard Labs is investigating possible protections where applicable.

FortiGuard Labs has an Endpoint Vulnerability signature for CVE-2023-4966 to detect devices that are running vulnerable software.

Meanwhile, users are encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.