Connect with us

Hi, what are you looking for?



Google Patches Third Chrome Zero-Day of 2023

Google has released a Chrome 114 security update that patches CVE-2023-3079, the third zero-day vulnerability patched in the browser in 2023.

Chrome zero-day CVE-2023-4863

Google on Monday released a Chrome 114 security update that patches the third zero-day vulnerability found in the web browser in 2023.

Google said the latest version of Chrome patches two flaws, including CVE-2023-3079, a type confusion issue affecting the V8 JavaScript engine. 

The internet giant noted that the vulnerability, discovered on June 1, has been exploited in the wild, but has not shared any information on the attacks.

However, the fact that the security hole and its exploitation were discovered by Clement Lecigne of Google’s Threat Analysis Group suggests that CVE-2023-3079 has likely been exploited by a commercial spyware vendor.

Google regularly publishes blog posts describing the exploits used by various spyware vendors, which typically advertise their products for lawful surveillance by government agencies. However, their solutions have often been abused by totalitarian regimes to spy on critics. 

In many cases, spyware vendors integrate Chrome vulnerabilities into complex exploit chains that are designed to target Android devices. 

Google announced recently that it’s temporarily offering up to $180,000 through its bug bounty program for a full chain exploit that leads to a sandbox escape in Chrome. 

Advertisement. Scroll to continue reading.

In 2022, the company patched nine Chrome zero-days, including five discovered by its Threat Analysis Group.  

Related: Google Warns of New Chrome Zero-Day Attack

Related: Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

Related: Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.