29 November 2023

Google fixes Chrome zero-day, patch now



Google has rolled out security updates for its Chrome browser to address multiple vulnerabilities, including an actively exploited zero-day flaw.

The flaw (CVE-2023-6345) is an integer overflow issue in the Skia component in Chrome. It can be exploited remotely to achieve code execution on the target system. To do this, an attacker needs to trick the user into visiting a malicious webpage.

“Google is aware that an exploit for CVE-2023-6345 exists in the wild,” the company said without revealing any additional details regarding the bug.

In addition to CVE-2023-6345, the tech giant fixed five remote code execution vulnerabilities (CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6350, CVE-2023-6351) in the Spellcheck, Mojo, WebAudio, and libavif components in Chrome.

The vulnerabilities have been addressed in the Stable Desktop channel, with fixed versions rolling out globally to Windows users (119.0.6045.199/.200) and Mac and Linux users (119.0.6045.199).

