Time to update your browser again—Google just released a new security patch for Chrome to address another zero-day flaw. It’s the third discovered this year, barely a month and a half after the first two revealed.
Announced in a June 5th security bulletin and highlighted by Bleeping Computer, details are scarce about CVE-2023-3079. As with other high-severity flaws that have a known exploit, Google is only sharing that it is a type confusion error in Chrome’s V8 JavaScript engine, which can allow hackers to execute their own malicious code through the browser. Google researcher Clément Lecigne uncovered it on June 1st.
Lecigne also brought to light the two zero-day flaws announced in April. The first was a type confusion error while the second was a vulnerability in Skia, Chrome’s 2D graphics library.
PCWorld
Users should update their browsers now to apply the fix, which is part of Chrome version 114.0.5735.110 for Windows. (Linux and Mac users should look for version 114.0.5735.106). If an automatic update isn’t ready, head to Chrome’s settings by clicking on the three dot icon in the upper right, then choosing Help > About Google Chrome. (Alternatively, you can type chrome://settings/help into the address bar). This should manually trigger the update. When complete, you will be asked to restart your browser. Bleeping Computer says that the update is still rolling out, so you may need to check for it more than once if it isn’t available to you yet.