Google patches two actively‑exploited Chrome zero‑days, threat actors gain code execution

Google released emergency Chrome updates that fix two critical vulnerabilities (CVE‑2023‑xxxx and CVE‑2023‑yyyy). Both flaws allowed threat actors to execute arbitrary code and break out of Chrome’s sandbox, giving them direct access to the host operating system.

Defenders must prioritize deploying these patches across all endpoints, as the exploits are already seen in the wild. Unpatched browsers can serve as a foothold for ransomware, espionage, or lateral movement, so immediate remediation, monitoring for related IOCs, and blocking legacy Chrome versions are essential to prevent compromise.

Categories: Vulnerabilities & Exploits, Threat Intelligence

Source: Read original article