[Security Awareness] Vulnerability Alert – High-Risk Zero-Day Vulnerability (CVE-2023-3079) Found in Google Chrome, Microsoft Edge, Brave, and Vivaldi Browsers – Attackers Can Execute Arbitrary Code Remotely – Please Confirm and Update Promptly

2023 年 7 月 11 日 圖資資訊處

ANA Incident Notification: TACERT-ANA-2023060901060606

[Vulnerability Alert] High-Risk Zero-Day Vulnerability (CVE-2023-3079) Found in Google Chrome, Microsoft Edge, Brave, and Vivaldi Browsers – Attackers Can Execute Arbitrary Code Remotely – Please Confirm and Update Promptly

Educational Institutions ANA Reporting Platform

Release Number: TACERT-ANA-2023060901060606 Release Time: 2023-06-09 13:09:07 Incident Type: ANA-Vulnerability Alert Discovery Time: 2023-06-09 12:40:07 Impact Level: Medium

[Subject Explanation:] [Vulnerability Alert] High-Risk Zero-Day Vulnerability (CVE-2023-3079) Found in Google Chrome, Microsoft Edge, Brave, and Vivaldi Browsers – Attackers Can Execute Arbitrary Code Remotely – Please Confirm and Update Promptly

[Content Explanation:]

Forwarded from NISAC-200-202306-00000032 of the National Information Security Analysis Center, researchers have discovered a type confusion vulnerability (CVE-2023-3079) in the Chrome V8 JavaScript engine of Google Chrome, Microsoft Edge, Brave, and Vivaldi browsers, all of which are based on Chromium. This vulnerability has been maliciously exploited, allowing remote attackers to trick users into visiting malicious webpages that exploit the vulnerability, leading to memory heap corruption. This can result in application crashes, information disclosure, denial-of-service (DoS) attacks, or execution of arbitrary code.

Affected Platforms: ● Vivaldi versions up to 6.1.3035.32 (exclusive) ● Brave versions up to 1.52.122 (exclusive) ● Microsoft Edge (Based on Chromium) versions up to 114.0.1823.41 (exclusive) ● Google Chrome versions up to 114.0.5735.110 (exclusive)

Recommendations:

  1. Update Google Chrome to version 114.0.5735.110 or higher by checking for updates and restarting the browser when prompted.
  2. Update Microsoft Edge to version 114.0.1823.41 or higher by checking for updates and restarting the browser when prompted.
  3. Update Brave to version 1.52.122 or higher by checking for updates and restarting the browser when prompted.
  4. Update Vivaldi to version 6.1.3035.32 or higher by opening the browser, clicking the Vivaldi logo in the top-left corner, selecting “Help,” and then clicking “Check for Update.” Restart the browser when prompted.

We kindly request your assistance in disseminating this information.

[Reference Information:]

  1. https://www.ithome.com.tw/news/157215
  2. https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html?m=1
  3. https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
  4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3079
  5. https://brave.com/latest/
  6. https://vivaldi.com/blog/desktop/minor-chromium-bump-vivaldi-browser-snapshot-3035-32/