⚡ TL;DR | Go Straight to the Google Chrome 120 Vulnerability Audit Report
Google has released emergency security updates for Chrome 120 for Windows, Linux, and Mac in response to a high-severity vulnerability that is already being actively exploited. When exploited the issue leads to program crashes and arbitrary code execution. We have added a new report to Lansweeper to help you locate vulnerable Chrome installations.
Google Chrome 120 Vulnerability CVE-2023-7024
The new security update for Chrome 120 includes just 1 security fix. The vulnerability tracked as CVE-2023-7024 is a high-severity heap buffer overflow bug in WebRTC. This vulnerability is already being exploited in the wild and can cause program crashes or lead to arbitrary code execution. It goes without saying that this can cause serious disruptions in operations and compromise sensitive data. You can find more information on Chrome’s release page.
Update Vulnerable Chrome Installations
For now, Google isn’t releasing any additional bug details yet, to give users the chance to update first and so that malicious actors won’t be able to leverage the additional information for further attacks. Make sure to update any installation of Google Chrome to the latest version (120.0.6099.129 for Mac and Linux and 120.0.6099.129/130 for Windows) as soon as possible to protect your network.
Discover Vulnerable Chrome Installs
To help you locate vulnerable installations of Google Chrome in your network, our team has added a new vulnerability audit report to Lansweeper. This report gives you an actionable list of installations that still need to be updated to the new version. You can get the report via the link below.
