In response to ongoing exploitation in cyber attacks, Google has swiftly addressed the sixth Chrome zero-day vulnerability of the year through an emergency security update. The security flaw, identified as CVE-2023-6345, posed significant risks and was actively exploited in the wild.
Because of this, the search engine giant urged all users to immediately update their browsers to the latest version for their protection.
Google Chrome Global Patch
As spotted by Bleeping Computer, the vulnerability has been successfully addressed in the Stable Desktop channel, with patched versions promptly rolling out globally.
Windows users will receive versions 119.0.6045.199/.200, while Mac and Linux users will be updated to 119.0.6045.199. While the security update may take some time to reach the entire user base, it was readily available when checked for updates earlier.
Origin and Severity of Chrome Zero-Day Vulnerability
This high-severity zero-day vulnerability originates from an integer overflow weakness within the Skia open-source 2D graphics library. The implications range from system crashes to the potential execution of arbitrary code.
Furthermore, Skia is utilized as a graphics engine in various products, including ChromeOS, Android, and Flutter.
What TAG Researchers Discovered
Security researchers Benoît Sevens and Clément Lecigne from Google's Threat Analysis Group (TAG) discovered and reported the vulnerability on Nov. 24.
Google TAG has a track record of exposing zero-days commonly exploited by state-sponsored hacking groups in spyware campaigns, often targeting high-profile individuals like journalists and politicians.
To minimize the risk of threat actors exploiting the vulnerability, the company has restricted access to specific details about CVE-2023-6345. Full disclosure will only occur once a significant portion of users have updated their browsers. If the flaw extends to third-party software yet to be patched, access restrictions will persist.
Zero-Day Exploits Keep on Coming
This rapid response follows Google's resolution of two other zero-days in September (CVE-2023-5217 and CVE-2023-4863).
The tech giant has consistently demonstrated its commitment to user security, addressing multiple vulnerabilities throughout the year, including CVE-2023-3079, CVE-2023-2136, and CVE-2023-2033.
How to Update Your Google Chrome Browser
If you have trouble updating Chrome on desktop, the steps below, provided by PCMag, will walk you through the process.
- First, launch Google Chrome from your PC.
- Then, click More. It is the icon with three vertical dots.
- Once you're done, click Help, then proceed to About Google Chrome.
- Finally, relaunch your browser.
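To confirm that the update actually landed, on one machine or across a fleet, the reported version can be compared with the patched builds named above. The following is an added example, not code from Google, PCMag or the original article; the host names and the inventory format are assumptions, and the sample version strings are constructed.

```python
import re

# Patched Stable Desktop builds for CVE-2023-6345, as stated in the article.
# Windows ships .199/.200, so .199 is the minimum on every platform.
PATCHED = {
    "windows": (119, 0, 6045, 199),
    "mac": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
}

# Exactly four dot-separated numeric components, not part of a longer run.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract the four-part version from text such as the output of
    `google-chrome --version`; return None if no version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # never report an unparsable host as safe
    # Tuples compare numerically per component, so build .1000 > .199;
    # a plain string comparison would get that case wrong.
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """inventory: iterable of (host, platform, version_text) tuples."""
    return {host: classify(plat, text) for host, plat, text in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 119.0.6045.200"),
    ("ws-02", "windows", "Google Chrome 119.0.6045.100"),
    ("mb-01", "mac", "Google Chrome 119.0.6045.199"),
    ("lx-01", "linux", "Google Chrome 118.0.0.0"),
    ("lx-02", "linux", "Google Chrome 120.0.0.0"),
    ("lx-03", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as updated.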
If you do not install the patch, your browser remains susceptible to this zero-day. An exploit can crash your system or let an attacker execute arbitrary code on it.
As Google often advises, it is important to follow its precautionary measures for your online security and protection. Keeping your browser patched against potential exploits is the best way to avoid threats that might disrupt your software or devices.