In response to ongoing exploitation, Google has released an emergency security update for Chrome, fixing the sixth zero-day vulnerability in the browser this year. The flaw, tracked as CVE-2023-6345, is a high-severity integer overflow in the Skia open-source 2D graphics library. Its potential impact ranges from crashes to arbitrary code execution, which prompted an immediate patch for Chrome on Windows, Mac, and Linux.
Google has acknowledged an active exploit for the flaw, which underlines how critical the vulnerability is. The patched versions are rolling out globally: 119.0.6045.199/.200 for Windows users and 119.0.6045.199 for Mac and Linux users. Google’s Threat Analysis Group (TAG) flagged the zero-day, which highlights its potential for use in spyware attacks, a concern notably pervasive among state-sponsored hacking groups that target high-profile individuals such as journalists and political figures.
To limit malicious exploitation, Google is restricting access to the bug details until a significant share of users have updated their browsers, so that threat actors cannot capitalize on the flaw’s technical information. The restriction is in line with Google’s efforts to minimize the risk of unauthorized exploitation, and it reinforces the urgency for users to update Chrome promptly.