Google Chrome has a vulnerability of the most dangerous kind, so make sure your browser is updated to the latest version that contains the fix.
The worst kind of vulnerability is one that is known, and Google has confirmed that this particular hole in Chrome has already been exploited. So not only is it known to malicious actors, but it is also actively deployed against Chrome users, which is obviously bad news.
The problem in this case, as outlined by Google, is a heap buffer overflow in WebRTC. (As the name suggests, this is a flaw in which an attacker causes more data to be written to an area of memory than it can hold, so that it overflows, creating the opportunity for exploitation.)
The vulnerability is tracked as CVE-2023-7024, and Google acknowledges that an exploit exists for it.
Heap and stack overflows are some of the most common attack vectors out there, and indeed this is far from the first heap overflow gremlin to hit Google's web browser.
How to fix this vulnerability
Fortunately, there's no need to panic: all you need to do to protect yourself from this attack is open Chrome's Settings page (via the three-dot menu, at the top right of the browser). From there, look at the left panel and click “About Chrome” at the bottom of the list.
Opening this page automatically checks for updates and applies an upgrade if necessary. To be protected against this exploit, you need to be running Chrome version 120.0.6099.130 on a Windows PC (or alternatively 120.0.6099.129), or version 120.0.6099.129 on Mac or Linux.
When we checked, we were still running version 120.0.6099.110 and our Chrome browser had not yet updated itself. So it's definitely worth checking now and taking care of this before there's any chance of your PC being compromised.
Remember that after Chrome has updated itself, you will need to close and reopen the browser (all instances of it) to complete the upgrade. After that, you're all set.
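For anyone checking more than one machine, the version test above can be scripted. The following is an added example, not part of the original article: it compares reported Chrome version strings against the fixed builds named here, and the host names and inventory strings are constructed for illustration.

```python
import re

# Fixed builds named in the article: 120.0.6099.130 (Windows) and
# 120.0.6099.129 (Windows, Mac, Linux). The lower one is the floor.
MIN_FIXED = (120, 0, 6099, 129)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text):
    """True only if a version was found and is at or above the fixed build."""
    version = parse_version(text)
    # Compare as integer tuples: as strings, "120.0.6099.99" would sort
    # after "120.0.6099.129" and be wrongly reported as patched.
    return version is not None and version >= MIN_FIXED


def audit(inventory):
    """Return sorted hosts that still need the update (unknown = needs it)."""
    return sorted(host for host, reported in inventory.items()
                  if not is_patched(reported))


# Constructed sample inventory (hypothetical host names and strings).
SAMPLE_INVENTORY = {
    "win-desk-01": "Google Chrome 120.0.6099.130",
    "win-desk-02": "Google Chrome 120.0.6099.110",
    "mac-lap-01": "Google Chrome 120.0.6099.129",
    "linux-ws-01": "Google Chrome 120.0.6099.99",
    "linux-ws-02": "Google Chrome 121.0.6167.85",
    "kiosk-07": "version unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome ({SAMPLE_INVENTORY[host]})")
```

A machine that reports a fixed version is still running the old code until Chrome has been closed and reopened, so the restart step above applies to every host the script marks as patched.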
Via Ghacks