A critical vulnerability identified as CVE-2023-7024 poses a significant threat to Google Chrome and Microsoft Edge browser users. This high-severity flaw, a heap-based buffer overflow in the WebRTC framework, can lead to remote code execution and potential compromise of sensitive data. Read this Cybersecurity Threat advisory to learn how to mitigate the risks of this vulnerability.
What is the threat?
CVE-2023-7024 is a serious vulnerability impacting the widely used Google Chrome and Microsoft Edge browsers. This vulnerability allows malicious actors to execute arbitrary code remotely, leading to potential program crashes and compromising valuable data on affected devices.
Why is it noteworthy?
This vulnerability has broad impact, affecting both desktop and mobile users of the popular browsers, . The WebRTC framework, designed for real-time communication, is a critical component of these browsers, making the vulnerability particularly concerning. The existence of an already detected exploit in the wild amplifies the urgency for users to promptly address this issue.
What is the exposure or risk?
Successful exploitation could result in remote code execution, opening the door to program crashes, malware infection, and unauthorized access to sensitive data. The potential for further compromise of user devices and information heightens the urgency of addressing this vulnerability promptly. All users of vulnerable browser versions are at risk, emphasizing the need for immediate action to prevent potential damage and safeguard personal data.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of the WebRTC vulnerability:
- Immediately update Google Chrome and Microsoft Edge browsers to versions 120.0.6099.129/130.
References
For more in-depth information about the recommendations, please visit the following links:
- https://nvd.nist.gov/vuln/detail/CVE-2023-7024
- https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-7024
- https://safecomputing.umich.edu/security-alerts/update-google-chrome-asap-zero-day-vulnerability
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.