Zero-Day: Google Chrome

SUMMARY

Google released security patches addressing 7 Chrome browser vulnerabilities, one of which is a zero-day that is being actively exploited. The zero-day is CVE-2023-6345, a high-severity vulnerability described as an integer overflow bug within Skia, an open-source 2D graphics library.

VULNERABILITY DETAILS

Google responded to the zero-day vulnerability with an immediate security update and it is aware of the exploit’s presence in the wild.

The vulnerability is an integer overflow weakness within the Skia open-source 2D graphics library. Potential risks associated with this vulnerability range from system crashes to arbitrary code execution. Skia is a graphics engine for various products, including ChromeOS, Android, and Flutter. Discovered on November 24 by Google’s Threat Analysis Group (TAG), this vulnerability follows a pattern exploited by state-sponsored hacking groups in espionage campaigns targeting notable individuals, such as journalists and opposition politicians.

Users are strongly advised to upgrade to Chrome versions 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to mitigate potential security threats. Additionally, users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are encouraged to promptly apply provided fixes as they become available.

RECOMMENDATIONS

  • Users are strongly advised to update Chrome browsers to the latest versions (119.0.6045.199/.200 for Windows, 119.0.6045.199 for macOS and Linux).
  • Ensure all devices running Chrome are updated to the latest versions.
  • If using browsers like Microsoft Edge, Brave, Opera, or Vivaldi that are based on Chromium, stay informed about security updates for these browsers and apply them as they become available.
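
One way to check a fleet against the fixed builds listed above, as an added example that is not part of the original advisory. The host names and version strings in the inventory are constructed. Chromium-based browsers other than Chrome use their own version numbering, so the script marks them for a vendor-advisory check instead of comparing them.

```python
import re

# Fixed Google Chrome builds as stated in the advisory, per platform.
# Windows shipped .199/.200, so .199 is the minimum patched build there too.
FIXED = {
    "windows": (119, 0, 6045, 199),
    "macos": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull a four-part version out of strings like 'Google Chrome 119.0.6045.160'."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def assess(platform, browser, version_text):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unknown' for one host."""
    if browser.lower() not in ("chrome", "google chrome"):
        return "check-vendor"  # Edge, Brave, Opera, Vivaldi: different version scheme
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically, so build 99 sorts below 199 (a string compare would not).
    return "patched" if version >= fixed else "vulnerable"

# Constructed inventory: (host, platform, browser, reported version string).
INVENTORY = [
    ("ws-001", "windows", "Google Chrome", "Google Chrome 119.0.6045.200"),
    ("ws-002", "windows", "Google Chrome", "119.0.6045.99"),
    ("mac-003", "macos", "Google Chrome", "Google Chrome 119.0.6045.199"),
    ("lnx-004", "linux", "Google Chrome", "Google Chrome 118.0.5993.117"),
    ("ws-005", "windows", "Microsoft Edge", "119.0.2151.72"),
    ("lnx-006", "linux", "Google Chrome", "not installed"),
    ("ws-007", "windows", "Google Chrome", "120.0.6099.62"),
]

def triage(inventory):
    """Map each host to its status."""
    return {host: assess(plat, browser, ver) for host, plat, browser, ver in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as unknown need a manual check, since a missing or unparsable version string is not evidence that the browser is patched.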
