November 28, 2023 at 04:30PM
Google has released an emergency security update to fix the fifth Chrome zero-day vulnerability of the year. The vulnerability, CVE-2023-6345, was being actively exploited in attacks. Google acknowledged the exploit and released patched versions for Windows, Mac, and Linux users. The company is restricting access to bug details until most users have updated their browsers to prevent threat actors from developing their own exploits. This is the fifth zero-day vulnerability Google has fixed in 2023.
Key Takeaways from the Meeting Notes:
1. Google has released an emergency security update to fix a zero-day vulnerability in Chrome. This is the fifth zero-day vulnerability that Google has fixed this year.
2. The vulnerability, known as CVE-2023-6345, was exploited in attacks and posed risks ranging from crashes to the execution of arbitrary code.
3. The security update has been rolled out for Windows users (version 119.0.6045.199/.200) and Mac and Linux users (version 119.0.6045.199). It may take some time for the update to reach all users.
4. Google Threat Analysis Group (TAG) reported the bug on November 24 and is known for uncovering zero-days that are often exploited by state-sponsored hacking groups in spyware campaigns.
5. Google might restrict access to the zero-day’s details until most users have updated their browser. This is to prevent threat actors from developing their own exploits.
6. In September, Google fixed two other zero-day vulnerabilities (CVE-2023-5217 and CVE-2023-4863) that were also exploited in attacks.