Ensure you stay updated if you’re using Google Chrome, as the latest patch addresses the sixth zero-day vulnerability this year. This vulnerability, arising from an integer overflow in the Skia open-source 2D graphics library, is actively exploited in the wild. Don’t delay updating your browser.
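To illustrate the bug class named above, the following is an added example: it is not Skia's code and not the actual CVE-2023-6345 flaw, whose details Google has not released. It shows a hypothetical 32-bit image-size computation that silently wraps beside a checked version that rejects the request instead.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bitmap sizing, constructed for this example (not Skia's API).
 * A 2D graphics library typically computes width * height * bytes-per-pixel
 * before allocating a pixel buffer. */
#define BYTES_PER_PIXEL 4u

/* Unchecked: the product is computed in 32 bits and wraps modulo 2^32, so a
 * huge image yields a tiny byte count and a later write overruns the buffer. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height) {
    return width * height * BYTES_PER_PIXEL;
}

/* Checked: every multiplication is tested for overflow (GCC/Clang builtin);
 * on overflow the caller gets false and must refuse the image. */
bool image_bytes_checked(uint32_t width, uint32_t height, uint32_t *out) {
    uint32_t pixels, bytes;
    if (__builtin_mul_overflow(width, height, &pixels)) return false;
    if (__builtin_mul_overflow(pixels, BYTES_PER_PIXEL, &bytes)) return false;
    *out = bytes;
    return true;
}

/* Safe allocation path: only allocate when the size was validated. */
void *alloc_image(uint32_t width, uint32_t height) {
    uint32_t bytes;
    if (!image_bytes_checked(width, height, &bytes)) return NULL;
    return calloc(1, bytes);
}

int main(void) {
    uint32_t w = 65536, h = 65536, bytes;
    printf("unchecked: %u x %u -> %u bytes\n", w, h, image_bytes_unchecked(w, h));
    if (!image_bytes_checked(w, h, &bytes))
        printf("checked:   %u x %u -> rejected (overflow)\n", w, h);
    void *img = alloc_image(1024, 768);
    printf("1024 x 768 allocation %s\n", img ? "ok" : "failed");
    free(img);
    return 0;
}
```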
The flaw was discovered recently by two security researchers working with Google’s Threat Analysis Group (TAG), the team known for identifying zero-day vulnerabilities and monitoring state-sponsored threat actors. It’s reasonable to infer that one of the groups exploiting this flaw is state-sponsored.
Disclosure Policy and Secure Versions
Google maintains a reserved stance, withholding additional details on the vulnerability until widespread browser updates occur. Secure versions include 119.0.6045.199/.200 for Windows and 119.0.6045.199 for Mac/Linux.
Swift Availability and Identified Exploits
Despite Google’s gradual regional patch deployment, version 119.0.6045.200 was promptly accessible during our update check. Google acknowledges the existence of CVE-2023-6345 exploits in the wild.
Restricted Access to Bug Details
Google commits to limiting access to bug details and links until a substantial user base receives the fix. This restriction extends to bugs in third-party libraries that other projects depend on.
Standard Security Measures
Non-disclosure aligns with security norms for actively exploited vulnerabilities. Withholding details denies attackers information they could use to craft their own exploits while many users remain unpatched.
Google’s Ongoing Security Efforts
Six zero-day vulnerabilities, including CVE-2023-5217 and CVE-2023-4863 in September, have been addressed by Google this year. Notably, these were actively exploited, emphasizing Chrome’s appeal to cyber criminals.