Google Patches Chrome's Fifth Zero-Day of 2023, a Critical Code Execution Flaw
Google has released an emergency update for Chrome, fixing the fifth zero‑day vulnerability identified this year. The flaw stems from insufficient validation of input in Chrome’s V8 JavaScript engine, allowing a remote attacker to execute arbitrary code by luring a user to a specially crafted website. The vulnerability, tracked as CVE‑2024‑XXXXX, is being actively exploited in the wild, making immediate patching critical for all users.
The patch, version 119.0.6045.199 for Windows, macOS, and Linux, addresses a total of 11 security issues in this cycle. In addition to the zero‑day, the update remediates a use‑after‑free bug in the Extensions component, an integer overflow in PDFium, and several type‑confusion defects. Google acknowledges the researchers who reported the flaw under coordinated disclosure, noting that the bug was among the most severe in the release.
Organizations are urged to deploy the update without delay, as the exploit can be delivered through compromised websites or phishing emails that load the malicious page. Chrome’s automatic update will roll out the fix within 24‑48 hours, but administrators should verify that the installed version is 119.0.6045.199 or later. Enabling Chrome’s Enhanced Safe Browsing protection can also help block drive‑by‑download attempts that leverage this vulnerability.
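The version check described above can be run across a fleet. The following is an added example, not code from Google or from this article. It assumes an inventory tool has already collected each host's Chrome version string, and the hostnames and readings in it are constructed.

```python
import re

# Fixed build named in the article; hosts below it still need the update.
PATCHED = (119, 0, 6045, 199)

# Matches a four-part Chrome build number anywhere in a version string,
# e.g. "Google Chrome 119.0.6045.199". Three- or five-part numbers are rejected.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the build as a tuple of ints, or None if no build is found."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, minimum=PATCHED):
    """Label one reported version: 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # treat as unverified, not as safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "119.0.6045.21" above "119.0.6045.199".
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in inventory.items():
        report[classify(reported)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and readings are made up).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 119.0.6045.199",
    "ws-002": "Google Chrome 119.0.6045.159",
    "ws-003": "Google Chrome 120.0.6099.62",
    "ws-004": "Google Chrome 119.0.6045.21",
    "ws-005": "119.0.6045.200 (Official Build) (64-bit)",
    "ws-006": "",
    "ws-007": "Google Chrome 119.0.6045",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts that land in the unknown bucket returned no usable version string and should be re-queried rather than assumed patched.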
The rapid weaponization of this zero‑day highlights the ongoing pressure on browser security. Security teams should adopt a defense‑in‑depth posture, employing endpoint detection and response (EDR) tools, rigorous patch‑management cycles, and strict policies on script execution to shrink the attack surface. Google’s security team plans to publish a detailed post‑mortem after the patch rollout is complete.