Security Advisory 2023-100

Release Date:

High Severity Vulnerability in Google Chrome



  • 21/12/2023 --- v1.0 -- Initial publication
  • 22/12/2023 --- v1.1 -- Add affected products


On December 20, 2023, Google released an advisory regarding a new high severity vulnerability in its web browser [1]. Google is aware that an exploit for this vulnerability exists in the wild.

It is recommended updating as soon as possible.

Technical Details

The vulnerability CVE-2023-7024 is caused by a heap buffer overflow in the WebRTC component. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm [2]. Google has not shared further details about the vulnerability, stating that:

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Affected Products

This vulnerability affects Google Chrome versions below 120.0.6099.129 for Mac, Linux, and versions below 120.0.6099.129/130 for Windows.

[UPDATE] This vulnerability also affects Chromium-based web browser such as Microsoft Edge [3], Brave, Opera, and Vivaldi.


It is recommended updating as soon as possible.





We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.