If you are one of the millions of worldwide Chrome users, it’s time for yet another update. That’s right, a sixth zero-day exploit has been discovered in Chrome and, fortunately, the update was released shortly after.
If you’re uncertain as to what a zero-day vulnerability is, it’s simply a vulnerability that has been discovered but not yet patched.
The exploit in question is CVE-2023-6345 and does exist in the wild. According to Tenable, the official description of this vulnerability is, “Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High).”
The Chrome Stable channel has been updated to 119.0.6045 for both Linux and Mac and 119.0.6045.199/.200 for Windows. Although the update hasn’t been rolled out for every user, Google has confirmed it will happen over the coming days/weeks.
This update includes seven different security fixes (including for the zero-day exploit), which are:
- CVE-2023-6348: Type Confusion in Spellcheck
- CVE-2023-6347: Use after free in Mojo.
- CVE-2023-6346: Use after free in WebAudio.
- CVE-2023-6350: Out of bounds memory access in libavif.
- CVE-2023-6351: Use after free in libavif.
- CVE-2023-6345: Integer overflow in Skia.
It is the final vulnerability, listed above, that is the zero-day exploit. It’s interesting to know that this vulnerability is listed as High and not Critical. Even so, any bug listed as High should be considered a must-patch. Other than saying this vulnerability exists in the wild, Google has been a bit hush-hush about it. You can read Google’s official statement about the issue.
To find out which version of Chrome you are using, go to Settings > About Chrome, where you’ll see the version number. If there is an update available, make sure to click Relaunch, so the updates will be applied. If you find your version is out-of-date, you can always go to the Chrome download page, download the latest version, and install it.