A new security hole closed by Chrome: update your browser

Maxence Glineur

November 29, 2023 at 4:30 p.m.


Google Chrome macOS © © photosince / Shutterstock

Google Chrome is affected by a security flaw on Windows, macOS and Linux © photosince / Shutterstock

A vulnerability could allow hackers to crash Google’s browser, and even steal users’ personal data, if not more.

Chrome developers have had to work hard this year. The most popular browser in the world has, in fact, been the subject of several urgent updates, all concerning zero-day flaws.

The latest, listed under the name CVE-2023-6345 and reported on November 24, opens a major breach in Internet users’ devices, and could affect software other than Google Chrome, or even… operating systems .

Crash Chrome to access user data

If you use Google’s browser, it is in your best interest to check the version installed on your computer now. Indeed, the firm has just urgently launched a patch to fill a flaw affecting, once again, the Skia 2D graphics engine, which allows Chrome to crash and launch arbitrary code. A good opportunity for pirates, many of whom must already be looking into the subject. It is therefore advisable to update this software as soon as possible.

The version concerned is the 119.0.6045.199/.200 for Windows, and 119.0.6045.199 for macOS and Linux. Your browser should quickly install this patch on its own, depending on your settings, of course. If Chrome can’t find this update for you yet, don’t panic: Google says its deployment will take several days or weeks to reach all users.

Google Chrome v119 Skia flaw © © Screenshot BleepingComputer

Be careful to check the version of Google Chrome installed on your computer © Screenshot BleepingComputer

A flaw used for espionage campaigns?

CVE-2023-6345 was discovered by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group (TAG). This research department is renowned for spotting zero-day vulnerabilities often exploited by states as part of espionage campaigns, for example. Although Google is not saying more about the current impact of this flaw, it is already being used by malicious actors, and therefore certainly not by just any malicious actors.

However, you will have to wait a little to find out more. “ Access to bug details and links may be restricted until the majority of users have received a patch », Explains Google. “ We will also maintain restrictions if the bug exists in a third-party library that other projects depend on, but has not yet been fixed “.

Indeed, Skia is also used by ChromeOS and Android. If the Chrome flaw can also be exploited on these two operating systems, it could put even more devices at risk. It’s now up to Google to make sure this doesn’t happen.

Source : BleepingComputer

Maxence Glineur

A hyper-connected geek and keen on podcasts, I'm always reading or listening to news of all kinds. Between history, tech, politics, music, video games and popular science...

Read other articles

A hyper-connected geek and keen on podcasts, I'm always reading or listening to news of all kinds. Between history, tech, politics, music, video games and popular science: all the news (or almost all) arouses my curiosity. Otherwise, I like rock and lofi, game nights that are always too long, good films and guys.

Read other articles

Source link -99