Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

November 29, 2023 at 12:18AM

Google patched seven Chrome security issues, including an actively exploited zero-day (CVE-2023-6345) in the Skia graphics library. Users should update to the latest version to prevent potential threats. This marks the sixth zero-day patched in 2023. Chromium-based browser users should also update.

Key Takeaways:

1. Google has issued security updates for Chrome to address a total of seven security issues.

2. Among these issues, there’s an actively exploited zero-day vulnerability identified as CVE-2023-6345, rated as high-severity.

3. CVE-2023-6345 is an integer overflow in Skia, an open-source 2D graphics library.

4. Benoît Sevens and Clément Lecigne from Google’s Threat Analysis Group reported the vulnerability on November 24, 2023.

5. Google confirmed the existence of an exploit for CVE-2023-6345, although specifics about the attacks or the attackers have not been disclosed.

6. CVE-2023-6345 might be related to a similar flaw, CVE-2023-2136, patched in April 2023, which also involved Skia and could potentially allow a compromised renderer process to escape the sandbox using a crafted HTML page.

7. Google has patched six zero-days in Chrome since the beginning of the year.

8. To safeguard against these threats, users should update Chrome to version 119.0.6045.199/.200 for Windows or 119.0.6045.199 for macOS and Linux.

9. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also update their browsers when patches are available.

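To act on the update guidance above, the following added example (not part of the original article) audits a browser inventory against the fixed build 119.0.6045.199. It assumes the inventory holds Google Chrome version strings such as the output of `google-chrome --version`; the hostnames and sample versions are constructed, and other Chromium-based browsers use their own version numbers, so they need their vendors' fixed builds instead.

```python
import re

# Fixed builds named in the article: 119.0.6045.199/.200 (Windows) and
# 119.0.6045.199 (macOS, Linux). The lower bound is the same on all three.
PATCHED = (119, 0, 6045, 199)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from raw inventory text, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Classify each host as 'patched', 'vulnerable' or 'unknown'."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            report["unknown"].append(host)   # never assume an unreadable host is patched
        elif version >= PATCHED:             # tuple compare is numeric per component
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report


# Constructed sample inventory: (hostname, raw version text).
SAMPLE = [
    ("ws-001", "Google Chrome 119.0.6045.199 "),
    ("ws-002", "Google Chrome 119.0.6045.159"),
    ("ws-003", "119.0.6045.200"),
    ("ws-004", "Google Chrome 120.0.6099.62"),
    ("ws-005", "Google Chrome 119.0.6045.99"),  # a string compare would pass this
    ("ws-006", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be investigated rather than treated as patched, since a missing or unparseable version string says nothing about the installed build.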
