Google has issued a security update for its Chrome web browser, addressing the third zero-day vulnerability that has been exploited in 2023. According to the security bulletin, "Google is aware that an exploit for CVE-2023-3079 exists in the wild." However, the company has chosen not to release details about the exploit or its use in attacks, only providing information on the severity of the flaw and its nature. This approach is typical for Google when a new security issue is discovered, as it aims to protect users until most have migrated to a secure version and to prevent adversaries from using the details to develop additional exploits. Google states, "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
In addition to fixing the new zero-day, the latest Chrome version addresses various issues discovered through internal audits and code fuzzing analysis. Google indicates that the update will roll out gradually over the coming days or weeks, so not everyone will receive it simultaneously. To manually start the update to the latest version, which addresses the actively exploited security issue, users can open the Chrome settings menu (upper right corner) and select Help → About Google Chrome. Relaunching the application is necessary to complete the update. Security updates are also installed automatically, without user intervention, when the browser starts, so users should check the "About" page to ensure they are running the latest version. The stable channel release addressing the flaw with an exploit in the wild is version 114.0.5735.110 for Windows and 114.0.5735.106 for Mac and Linux.
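
A fleet check against the fixed builds named above, as an added example that is not part of the original article: the host names and inventory lines are constructed, and the `host,platform,version` format is an assumption. Versions are compared as integer tuples because a plain string comparison would rank 114.0.5735.91 above 114.0.5735.110.

```python
# Fixed stable-channel builds, taken from the article text.
FIXED = {
    "windows": (114, 0, 5735, 110),
    "mac": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
}

# Constructed sample inventory (hypothetical hosts): host,platform,version
SAMPLE_INVENTORY = """\
ws-001,windows,114.0.5735.110
ws-002,windows,114.0.5735.91
mb-003,mac,114.0.5735.106
lx-004,linux,113.0.5672.126
lx-005,linux,115.0.5790.3
ws-006,windows,114.0.5735.106
kiosk-007,chromeos,114.0.5735.106
ws-008,windows,unknown
"""

def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of four ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one reported install."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown"          # platform the article gives no build for
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unknown"          # unparseable version: needs manual review
    return "patched" if installed >= fixed else "outdated"

def audit(inventory_text):
    """Map each host in the inventory to its status."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3:      # skip blank or malformed lines
            results[fields[0]] = status(fields[1], fields[2])
    return results

if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```

Because the update only takes effect after a relaunch, the version fed in should be the one reported by the running browser rather than the one on disk.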