Zero-Day: Google Chrome
SUMMARY
Google released security patches addressing 7 Chrome browser vulnerabilities, one of which is a zero-day being actively exploited. The zero-day is CVE-2023-6345, a high-severity vulnerability described as an integer overflow bug within Skia, an open-source 2D graphics library.
VULNERABILITY DETAILS
Google responded to the zero-day vulnerability with an immediate security update and it is aware of the exploit’s presence in the wild.
The vulnerability is an integer overflow weakness within the Skia open-source 2D graphics library. Potential risks associated with this vulnerability range from system crashes to arbitrary code execution. Skia is a graphics engine for various products, including ChromeOS, Android, and Flutter. Discovered on November 24 by Google’s Threat Analysis Group (TAG), this vulnerability follows a pattern exploited by state-sponsored hacking groups in espionage campaigns targeting notable individuals, such as journalists and opposition politicians.
Users are strongly advised to upgrade to Chrome versions 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to mitigate potential security threats. Additionally, users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are encouraged to promptly apply provided fixes as they become available.
RECOMMENDATIONS
- Users are strongly advised to update Chrome browsers to the latest versions (119.0.6045.199/.200 for Windows, 119.0.6045.199 for macOS and Linux).
- Ensure all devices running Chrome are updated to the latest versions.
- If using browsers like Microsoft Edge, Brave, Opera, or Vivaldi that are based on Chromium, stay informed about security updates for these browsers and apply them as they become available.
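One way to check an inventory against the version guidance above, as an added example that is not part of the original advisory: it parses reported version strings and compares them numerically against the fixed build 119.0.6045.199 stated here. The host names, platform labels and sample inventory are constructed for illustration; Chromium-based browsers other than Chrome are reported as unknown because the advisory gives no fixed versions for them.

```python
import re

# First fixed build per platform, as stated in the advisory
# (Windows received 119.0.6045.199/.200, so .199 is the minimum everywhere).
FIXED = {
    "windows": (119, 0, 6045, 199),
    "macos": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version tuple from text such as `google-chrome --version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None

def assess(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported browser version."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    # Only Google Chrome has fixed versions in the advisory; anything else
    # (Edge, Brave, Opera, Vivaldi) needs its own vendor's guidance.
    if fixed is None or version is None or "Google Chrome" not in version_text:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "119.0.6045.99" above "119.0.6045.199".
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory):
    """Map each host in an iterable of (host, platform, version_text) to its status."""
    return {host: assess(platform, text) for host, platform, text in inventory}

# Constructed sample inventory (not real hosts or scan output).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 119.0.6045.200"),
    ("ws-02", "windows", "Google Chrome 119.0.6045.99"),
    ("mac-01", "macos", "Google Chrome 119.0.6045.199"),
    ("lnx-01", "linux", "Google Chrome 118.0.5993.117 "),
    ("lnx-02", "linux", "Microsoft Edge 119.0.2151.97"),
    ("ws-03", "windows", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```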