Google issues emergency Chrome update to tackle another zero-day exploit
Google has tackled their sixth zero-day exploit of 2023 with their latest Chrome security update
Google has issued a new update for their Chrome browser to tackle a range of security issues, including a new zero-day vulnerability. The update includes seven security fixes, one of which is known to be actively exploited. As such, we recommend that all Chrome users update their browsers as soon as they can.
While Google has not detailed specifics about the vulnerability (CVE-2023-6345), it has been described as an integer overflow in Skia, the open-source 2D graphics library. The flaw was reported to Google on November 24th. As of November 28th, a patch for the issue is being rolled out to all Chrome users.
Chrome’s latest stable channel update now addresses these bugs. This update is version 119.0.6045.199 for Mac and Linux users and 119.0.6045.199/.200 for Windows users. This update may take weeks to roll out to all Chrome users. That said, we were able to update our browsers immediately within Chrome’s settings tab.
According to BleepingComputer, CVE-2023-6345 is the 6th zero-day vulnerability that Google has had to address in Chrome this year. At this time it is unknown who was actively exploiting this vulnerability, or who may have been affected by it. Details about this zero-day vulnerability will remain restricted until most Chrome users update their browsers. Details about this vulnerability are likely to have been shared with third parties who may also have software that’s affected by this vulnerability.
Google recently boosted Chrome security
Earlier this year, Google beefed up Chrome’s security by increasing the frequency of stable channel updates. Starting with Chrome 116, Google began attacking the “patch gap” by issuing weekly stable channel updates. This increased update cadence allows Google to deliver security updates 3.5 days faster on average, shrinking the window in which attackers can exploit a flaw that has been fixed but not yet shipped.
If you are using Chrome, we recommend that you update your browser. Yes, your browser will eventually auto-update, but there’s no reason to delay installing Google’s latest security fixes. After all, you just need to update and restart your browser.
You can join the discussion on Chrome’s emergency security update on the OC3D Forums.