If you are one of the millions of users of the Chrome browser, it’s time for a new update. Indeed, a sixth “zero-day” exploit was discovered in Chrome and, fortunately, the update was released shortly after.
If you don’t know what a “zero-day” vulnerability is, it is simply a vulnerability that has been discovered but has not yet been fixed.
The exploit in question is CVE-2023-6345. According to Tenable, the official description of this vulnerability is as follows: an integer overflow in Skia in Google Chrome prior to version 119.0.6045.199 allowed a remote attacker who compromised the rendering process to perform a sandbox escape via a malicious file.
How do I know which version of Chrome you are using?
Chrome’s stable channel has been updated to 119.0.6045 for Linux and Mac and 119.0.6045.199/.200 for Windows. Although the update has not been rolled out to all users, Google has confirmed that it will be rolled out in the coming days/weeks.
This update includes seven different security fixes (including for the zero-day exploit), which are:
- CVE-2023-6348: Type Confusion in Spellcheck
- CVE-2023-6347 : Use after free in Mojo.
- CVE-2023-6346: Use after free in WebAudio.
- CVE-2023-6350: Out-of-bounds memory access in libavif.
- CVE-2023-6351: Use after free in libavif.
CVE-2023-6345: Integer overflow in Skia.
This is the last vulnerability, listed above, which is the subject of a “zero-day” type exploit. It is interesting to know that this vulnerability is classified in the “high” category and not “critical”. Nevertheless, any bug classified in the “high” category should be considered an indispensable fix. You can read Google’s official statement on this.
To find out which version of Chrome you are using, go to Settings > About from Chrome, where you will see the version number. If an update is available, be sure to click Relaunch, so that the updates are applied. If you find that your version is outdated, you can always go to the Chrome download page, download the latest version and install it.
Source: “ZDNet.com “