Google has confirmed that a zero-day vulnerability in its Chrome web browser is being exploited and has issued urgent security updates in response. The desktop application has been updated to version 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows, with all updates set to roll out "in the coming days/weeks."

The announcement stated that two security fixes were included in this update, but only CVE-2023-3079 was actually detailed, and the other was a routine issue discovered through fuzz testing and internal audits. CVE-2023-3079 is a type confusion vulnerability in the V8 JavaScript engine and is the third zero-day vulnerability in Google Chrome in 2023.

It is understood that type confusion vulnerabilities pose significant risks, allowing attackers to exploit weaknesses in memory object processing to execute arbitrary code on the target machine, so relevant experts strongly recommend that users update their browsers in a timely manner to mitigate potential risks. (Forbes)