Zero-Day Flaw | Breaking Cybersecurity News | The Hacker News

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier  CVE-2023-7024 , has been described as a  heap-based buffer overflow bug  in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw on December 19, 2023. No other details about the security defect have been released to prevent further abuse, with Google  acknowledging  that "an exploit for CVE-2023-7024 exists in the wild." Given that WebRTC is an open-source project and that it's also supported by Mozilla Firefox and Apple Safari, it's currently not clear if the flaw has any impact beyond Chrome and Chromium-based browsers. The development marks the resolution of the eighth activel...