Google Chrome Patches Actively Exploited Critical Zero-Day Vulnerability
The flaw results from an integer overflow in the Skia open-source graphics library.
- Google has released security updates for the Chrome browser for several security issues, including a critical zero-day vulnerability.
- Called CVE-2023-6345, the integer overflow vulnerability was being actively exploited in the wild and was the 6th zero-day for Chrome in 2023.
For the 6th time in 2023, Google disclosed a zero-day vulnerability in its Chrome browser that was being actively exploited in the wild before being patched. This new bug, CVE-2023-6345, results from an integer overflow problem in the Skia 2D graphics library. Google has released patches for multiple security issues apart from the zero-day flaw.
Google has not released details about the bug, apart from stating that an exploit for the vulnerability was available publicly. However, the National Vulnerability Database (NVD) of NIST stated that the flaw affected Chrome versions before 119.0.6045.199 and enabled remote attackers who had compromised a renderer process to use a malicious file for a sandbox escape.
Google released security patches for a similar integer overflow vulnerability in April 2023, potentially making the current bug a bypass for the earlier flaw. Other zero-days Chrome faced this year include CVE-2023-2033, CVE-2023-2136, CVE-2023-3079, CVE-2023-4863, and CVE-2023-5217. To minimize threats, Chrome users have been recommended to update to the latest version, 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS.
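To act on that recommendation across more than one machine, the following added example (not part of the original article or of Google's advisory) flags hosts whose reported Chrome version is older than 119.0.6045.199. The host names and inventory lines are constructed, and it assumes each host reports a string containing a four-part version number.

```python
import re

# First fixed version named in the article (NVD: Chrome before 119.0.6045.199 is affected).
FIXED = (119, 0, 6045, 199)

# Exactly four dot-separated numeric parts, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version in `text` as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(text):
    """Classify one reported version string against the fixed version."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # missing or malformed report: needs manual follow-up
    # Tuples compare numerically part by part. Comparing the raw strings would
    # rank "119.0.6045.99" above "119.0.6045.199" and hide an unpatched host.
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Map each host in an iterable of (host, reported_string) to its status."""
    return {host: classify(reported) for host, reported in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("win-ws-01", "Google Chrome 119.0.6045.200"),
    ("mac-ws-02", "Google Chrome 119.0.6045.199"),
    ("win-ws-03", "Google Chrome 119.0.6045.99"),
    ("lin-ws-04", "Google Chrome 118.0.5993.117"),
    ("win-ws-05", "Google Chrome 120.0.6099.62"),
    ("win-ws-06", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as `unknown` should be treated as unverified rather than as patched.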
2023 has been a year of critical vulnerabilities and zero-days across browsers, including those belonging to Firefox, Apple, Microsoft, and Google. Both Apple and Google have warned about vendors of surveillance products using zero-days to install spyware on various device platforms. The problem is important because several browsers are built on the Chromium model, so a single exploit can be effective on multiple browsers simultaneously.