Google has rolled out security updates for its Chrome browser to address multiple vulnerabilities, including an actively exploited zero-day flaw.
The said flaw (CVE-2023-6345) is an integer overflow issue in the Skia component in Chrome. This bug can be exploited remotely to achieve code execution on the target system. To do this, an attacker needs to trick the user into visiting a malicious webpage.
“Google is aware that an exploit for CVE-2023-6345 exists in the wild,” the company said without revealing any additional details regarding the bug.
In addition to CVE-2023-6345, the tech giant fixed five remote code execution vulnerabilities (CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6350, CVE-2023-6351) in the Spellcheck, Mojo, WebAudio, and libavif components in Chrome.
The vulnerabilities have been addressed in the Stable Desktop channel, with fixed versions rolling out globally to Windows users (119.0.6045.199/.200) and Mac and Linux users (119.0.6045.199).