Google has rolled out security updates to repair seven security points in its Chrome browser, together with a zero-day that has come beneath energetic exploitation within the wild.
Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open supply 2D graphics library.
Benoît Sevens and Clément Lecigne of Google’s Menace Evaluation Group (TAG) have been credited with discovering and reporting the flaw on November 24, 2023.
As is often the case, the search big acknowledged that “an exploit for CVE-2023-6345 exists within the wild,” however stopped in need of sharing extra info surrounding the character of assaults and the risk actors that could be weaponizing it in real-world assaults.
It is price noting that Google launched patches for the same integer overflow flaw in the identical element (CVE-2023-2136) in April 2023 that had additionally come beneath energetic exploitation as a zero-day, elevating the likelihood that CVE-2023-6345 may very well be a patch bypass for the previous.
CVE-2023-2136 is alleged to have “allowed a distant attacker who had compromised the renderer course of to probably carry out a sandbox escape through a crafted HTML web page.”
With the newest replace, the tech big has addressed a complete of six zero-days in Chrome because the begin of the 12 months –
Customers are beneficial to improve to Chrome model 119.0.6045.199/.200 for Home windows and 119.0.6045.199 for macOS and Linux to mitigate potential threats. Customers of Chromium-based browsers reminiscent of Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they develop into out there.
