With every update released for an app or operating system, there is a chance that a zero-day security vulnerability turns up. When one does, depending on its severity, you want to address it as soon as you can, because it may well be exploited in the wild and could affect you. Now there’s another zero-day vulnerability affecting everyone’s favorite browser, Google Chrome.



Google has released an important security update for Chrome users on Windows, Mac, and Linux operating systems to address a zero-day vulnerability. The vulnerability, identified as CVE-2023-6345, was discovered by Google’s Threat Analysis Group on November 24th. The exploit has not been described in detail yet, to avoid encouraging exploitation by malicious actors. However, it is known to be an integer overflow weakness that affects Skia, the open-source 2D graphics library used in Chrome’s graphics engine.

What makes it bad, however, is the fact that it’s currently being exploited in the wild, so it’s something that needs immediate action from Google. While Google discovered the issue just last week, it’s not known how long the issue had been exploited before Google caught wind of it, or how much damage it has done.

The exploit enables attackers to perform a sandbox escape via a malicious file, a method that could infect systems with malicious code and compromise sensitive user data. The vulnerability could, therefore, allow hackers to remotely access personal data and execute malicious code, potentially leading to data theft.

Google is pushing out the update automatically to all Chrome browsers, so if you don’t have it already, you should soon. The fix is included in Chrome 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows. You can also manually check for updates in Google Chrome. This is still an ongoing rollout, so if you don’t see the update yet, it might just not be available yet.
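To confirm that a set of machines has actually picked up the fix, compare each reported build against the fixed builds named above. The following is an added example, not code from Google or the original article; the host names and inventory rows are constructed, and the input format (host, platform, version string) is an assumption.

```python
import re

# Fixed builds as stated in the article for CVE-2023-6345.
# Windows shipped as .199/.200, so .199 is the lowest patched build everywhere.
FIXED = {"windows": (119, 0, 6045, 199),
         "mac": (119, 0, 6045, 199),
         "linux": (119, 0, 6045, 199)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from a string such as
    'Google Chrome 119.0.6045.159' and return it as a tuple of ints."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_patched(platform, version_text):
    """True when the reported build is at or above the fixed build.
    Comparing integer tuples avoids the string-compare trap where
    '119.0.6045.99' sorts after '119.0.6045.199'."""
    return parse_version(version_text) >= FIXED[platform.lower()]

def unpatched_hosts(inventory):
    """Return hosts from (host, platform, version_text) rows that need updating.
    Rows with an unreadable version or unknown platform are flagged too,
    because they cannot be confirmed as patched."""
    flagged = []
    for host, platform, version_text in inventory:
        try:
            ok = is_patched(platform, version_text)
        except (ValueError, KeyError):
            ok = False
        if not ok:
            flagged.append(host)
    return flagged

# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE = [
    ("ws-01", "windows", "119.0.6045.200"),
    ("ws-02", "windows", "119.0.6045.160"),
    ("mac-01", "mac", "Google Chrome 119.0.6045.199"),
    ("lnx-01", "linux", "Google Chrome 119.0.6045.99"),
    ("lnx-02", "linux", "120.0.6099.62"),
    ("lnx-03", "linux", "unknown"),
]

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```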

Source: The Verge
