Google has issued a security update for its Chrome browser after a zero-day vulnerability was discovered by its Threat Analysis Group. The vulnerability, CVE-2023-7024, is a heap buffer overflow in WebRTC, a technology that enables real-time communication in web applications. Heap overflow occurs when a buffer, allocated in the heap memory using functions like malloc(), is vulnerable to being overwritten, leading to potential security issues and memory corruption.

According to Google, the vulnerability is being exploited in the wild, meaning hackers actively use it to compromise Chrome users. The company did not disclose any details about the nature or scope of the attacks. Still, it said it would provide more information once most users updated their browsers.

The security update, version 120.0.6099.129 for Mac and Linux and version 120.0.6099.129/130 for Windows, is available for download from the Chrome website or through the browser’s built-in updater. Users are advised to install the update as soon as possible to protect themselves from potential attacks.

Google credited Clément Lecigne and Vlad Stolyarov from its Threat Analysis Group for reporting the vulnerability. The group tracks and counters sophisticated threats from state-sponsored and malicious actors.

This is not the first time Google patched a zero-day vulnerability in Chrome this year. In March, the company fixed a similar flaw in WebRTC that was also being exploited in the wild. In June, it addressed another zero-day vulnerability in the V8 JavaScript engine that was used to target users in South Korea.