virus logo Threat Signal Report

Google Chrome WebRTC Heap buffer overflow (CVE-2023-7024)

Description

What is the Vulnerability? A zero-day vulnerability in Google Chrome is actively exploited in the wild. The vulnerability is a Heap buffer overflow issue in the open-source WebRTC framework. Many other web browsers, such as Mozilla Firefox, Safari, and Microsoft Edge, also use the WebRTC framework to provide Real-Time Communications (RTC) capabilities. A successful exploitation of the vulnerability via a crafted HTML page could allow an attacker to execute arbitrary code on the affected system.
What is the Vendor Solution? Google has released security updates to address this high-severity zero-day vulnerability (CVE-2023-7024) in Google Chrome. Chromium-based browsers such as Microsoft Edge are also affected by this vulnerability. Users of Google Chrome are advised to upgrade their browser to the latest version. [ Link ]
What FortiGuard Coverage is available? FortiGuard Labs is investigating for possible protection where applicable.
FortiGuard Labs has an Endpoint Vulnerability signature for CVE-2023-4966 to detect devices that are running on a vulnerable software.
Meanwhile, users are encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.
Date Dec 21, 2023
CVE ID CVE-2023-7024
Threat/
Vulnerability		 Vulnerability
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services