Chrome: Google publishes an emergency update to counter a “zero-day” flaw, here’s what you need to know


If you are one of the millions of Chrome browser users, it’s time for another update. Indeed, a sixth zero-day exploit was discovered in Chrome and, fortunately, the update was released shortly after.

If you don’t know what a zero-day vulnerability is, it’s simply a vulnerability that has been discovered but not yet patched.

The exploit in question is CVE-2023-6345. According to Tenable, the official description of this vulnerability is as follows: An integer overflow in Skia in Google Chrome prior to version 119.0.6045.199 allowed a remote attacker who compromised the rendering process to perform a sandbox escape via a malicious file.

How do you know which version of Chrome you are using?

Chrome’s stable channel has been updated to 119.0.6045 for Linux and Mac and 119.0.6045.199/.200 for Windows. Although the update has not been rolled out to all users, Google has confirmed that it will be rolled out in the coming days/weeks.

This update includes seven different security fixes (including for the zero-day exploit), which are:

  • CVE-2023-6348: Type confusion in Spellcheck
  • CVE-2023-6347: Use after free in Mojo.
  • CVE-2023-6346: Use after free in WebAudio.
  • CVE-2023-6350: Out of bounds memory access in libavif.
  • CVE-2023-6351: Use after free in libavif.
  • CVE-2023-6345: Integer overflow in Skia.

This is the last vulnerability, listed above, which is the subject of a zero-day exploit. It is interesting to know that this vulnerability is classified as “high” and not “critical”. However, any bug rated as “high” should be considered a much-needed fix. You can read Google’s official statement on this.

To find out which version of Chrome you are using, go to Settings > About from Chrome, where you will see the version number. If an update is available, be sure to click Relaunch so that the updates are applied. If you find that your version is outdated, you can always go to the Chrome download page, download the latest version and install it.


Source: “ZDNet.com”



Source link -97