Nov 29, 2023 | Newsroom | Zero-Day / Web Browser
Executive Summary
Google has released urgent security updates for its Chrome browser to address seven security issues, including a zero-day vulnerability that is actively being exploited.
The zero-day vulnerability, tracked as CVE-2023-6345, is an integer overflow bug in the Skia 2D graphics library.
To mitigate potential threats, it is crucial for Chrome users to apply these patches immediately. Additionally, Chromium users should update their browsers whenever updates are available.
Vulnerabilities Addressed
The security update for Chrome addresses the following vulnerabilities:
- CVE-2023-6345: Integer overflow in Skia
- CVE-2023-6348: Type confusion in Spellcheck
- CVE-2023-6347: Use after free in Mojo
- CVE-2023-6346: Use after free in WebAudio
- CVE-2023-6350: Out of bounds memory access in libavif
- CVE-2023-6351: Use after free in libavif
CVSS scores for the addressed vulnerabilities are not yet available at the time of writing this article.
Chrome Zero-Days Patched in 2023
Google has addressed a total of seven zero-day vulnerabilities in Chrome in 2023. These vulnerabilities include:
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4762 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
Call for Action
Users of Chrome are advised to promptly update to the latest version, 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux, to mitigate potential threats.
For more details, please refer to Google Chrome’s security advisory.
Additionally, users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also apply the fixes as they become available.
Given Chrome's history of zero-day vulnerabilities, including the 2023 zero-days listed above, we strongly recommend that Chrome users monitor Chrome updates and install them promptly. Staying current with the latest security patches is essential to safeguard against potential threats.
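One way to check a fleet against the fixed builds named above, as an added example that is not part of the original article or Google's advisory. It assumes a CSV-style inventory of `host,os,chrome_version` records (a hypothetical format) and covers Google Chrome build numbers only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Fixed builds as stated in the article: 119.0.6045.199/.200 on Windows,
# 119.0.6045.199 on macOS and Linux. The lower bound is the same everywhere.
FIXED_BUILD = (119, 0, 6045, 199)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome build number."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_lines):
    """Classify 'host,os,version' records as patched, vulnerable or unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            report["unknown"].append(line)   # malformed record
            continue
        host, _os, raw = fields
        version = parse_version(raw)
        if version is None:
            report["unknown"].append(host)   # unparseable: needs a manual look
        elif version >= FIXED_BUILD:         # tuple compare, not string compare
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
# host,os,chrome_version
ws-001,windows,119.0.6045.200
ws-002,windows,119.0.6045.160
mac-01,macos,119.0.6045.199
lin-07,linux,99.0.4844.84
lin-08,linux,120.0.6099.62
kiosk3,windows,unknown
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

The `lin-07` record shows why the comparison is numeric: as a string, "99.0.4844.84" sorts after "119.0.6045.199" and would be reported as patched.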