0-day vulnerability for Chrome, update it without further delay!

Google’s browser is the victim of a major new vulnerability which must be taken very seriously, because it is already being exploited by hackers.

The American giant regularly releases security patches for Chrome. It has even increased the pace of updates, aiming to improve its security and plug vulnerabilities before they can be exploited by malicious actors. Unfortunately, the latter sometimes manage to get ahead of the developers, who find themselves obliged to publish updates urgently. And that’s exactly what’s happening right now.

A bug that can crash Chrome

This September 6, Apple Security Engineering and the University of Toronto reported a bug likely to cause an overflow in a buffer, the one allocated to WebP images. This allows Chrome to crash and execute arbitrary code that can put user data at risk.

Registered CVE-2023-4863, this vulnerability can be thwarted by a patch deployed by Google. To obtain it, you must update Chrome to version 116.0.5845.187 (Mac and Linux) and 116.0.5845.187/.188 (Windows). To make sure you have the correct update, go to your browser settings, then scroll down to the “About Chrome” tab.

From there, you should be able to see the software version. And if you don’t have the latest update yet, Chrome should automatically check for it. Once the browser restarts, you will be completely protected, at least for this time.

Google does not immediately intend to disclose many details about this matter, ” until a majority of users have received an update with the fix “. Based on Chromium, which is open source, Chrome’s code is accessible to everyone. Good for evil, since the company and malicious actors are engaged in a permanent war. Therefore, it is a safe bet that they are actively seeking to take advantage of this new vulnerability until the patch is fully deployed.

Sources: Bleeping Computer, Google