back to top

Google Chrome Vulnerability: Update Now for Security!

Ensure you stay updated if you’re using Google Chrome, as the latest patch addresses the sixth zero-day vulnerability this year. This vulnerability, arising from an integer overflow in the Skia open-source 2D graphics library, is actively exploited in the wild. Don’t delay updating your browser.

Discovered recently by two security researchers collaborating with Google’s Threat Analysis Group (TAG), the department known for identifying zero-day vulnerabilities and monitoring state-sponsored threat actors. It’s reasonable to infer that one of the groups exploiting this flaw is state-sponsored.

Google Chrome Vulnerability: Update Now for Security!

Disclosure Policy and Secure Versions

Google maintains a reserved stance, withholding additional details on the vulnerability until widespread browser updates occur. Secure versions include 119.0.6045.199/.200 for Windows and 119.0.6045.199 for Mac/Linux.

Swift Availability and Identified Exploits

Despite Google’s gradual regional patch deployment, version 119.0.6045.200 was promptly accessible during our update check. Google acknowledges the existence of CVE-2023-6345 exploits in the wild.

Restricted Access to Bug Details

Google commits to limiting access to bug details and links until a substantial user base receives the fix. This restriction extends to bugs in third-party libraries dependent on by other projects.

Standard Security Measures

Non-disclosure aligns with security norms for actively exploited vulnerabilities. Google’s cautious approach prevents potential motivation for attackers to craft their malware.

Google’s Ongoing Security Efforts

Six zero-day vulnerabilities, including CVE-2023-5217 and CVE-2023-4863 in September, have been addressed by Google this year. Notably, these were actively exploited, emphasizing Chrome’s appeal to cyber criminals.

More like this