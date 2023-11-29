Google has released security updates for its Chrome browser to fix multiple vulnerabilities, including a zero-day exploit that has been actively targeted by threat actors. This high-severity vulnerability, tracked as CVE-2023-6345, is an integer overflow bug found in Skia, an open-source 2D graphics library.

The flaw was discovered and reported by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group on November 24, 2023. Google has confirmed the existence of an exploit in the wild for CVE-2023-6345 but has not provided specific details regarding the attacks or the threat actors involved.

Interestingly, this is not the first time Google has encountered a similar integer overflow vulnerability in Skia. In April 2023, another flaw (CVE-2023-2136) in the same component was discovered and actively exploited as a zero-day. It is possible that CVE-2023-6345 serves as a patch bypass for the previous vulnerability.

With this latest update, Google has addressed a total of six zero-day vulnerabilities in Chrome since the beginning of the year. Users are strongly advised to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to protect themselves from potential threats.

Additionally, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the necessary patches as soon as they are made available.

FAQ

What is a zero-day vulnerability?

A zero-day vulnerability refers to a software security flaw that is unknown to the vendor or developer. This means that hackers can exploit the vulnerability before a fix or patch is available, leaving users at risk.

What is an integer overflow bug?

An integer overflow bug occurs when a mathematical operation generates a value outside the range that can be represente+URL-removedd with a fixed number of bits. This can lead to unexpected behavior or potential security vulnerabilities if the overflow is not properly handled.

How can I protect myself from zero-day vulnerabilities?

To protect yourself from zero-day vulnerabilities, it is important to keep your software and operating systems up to date with the latest security patches. Regularly check for updates and apply them as soon as they are available. Additionally, using comprehensive security software and practicing safe browsing habits can further mitigate the risk of exploitation.