软餐 has learned that Google has released a minor update for Chrome that fixes CVE-2023-7024, a security vulnerability that has been exploited in the wild. The update brings Chrome to version 120.0.6099.129 or 120.0.6099.130 on Windows, and 120.0.6099.129 on Linux and Mac. Google disclosed that CVE-2023-7024 is a heap buffer overflow in WebRTC. It is rated High severity, and Google has confirmed that it has been exploited in the wild. The issue was discovered by members of Google's Threat Analysis Group (TAG). This is the eighth vulnerability this year for Chrome/Chromium. All Chromium-based browsers are also affected, and they are expected to roll out updates in the coming days.