Google Addresses Zero-Day Vulnerability in Chrome

Google Fixes Another 0-day Vulnerability in Chrome
Google swiftly addresses critical Chrome vulnerability, urging users to update promptly.

In a recent security alert, Google has addressed a critical zero-day vulnerability in its Chrome browser and ChromeOS software, urging users to update to the latest version (119.0.6045.199). The flaw, tracked as CVE-2023-6345, allows attackers to bypass sandbox security measures by compromising the browser’s rendering process, leading to potential remote code execution or access to sensitive data.

Google Fixes CVE-2023-6345 0-day Vulnerability

Limited public information is available about CVE-2023-6345, but it is identified as an integer overflow issue affecting the Skia component within Chrome’s graphics engine. The National Vulnerability Database (NVD) describes it as a high-severity bug that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file.

Actually, soon after the official announcement of the vulnerability fix, the real-world exploit appeared. Due to this, Google has rated the CVE-2023-6345 fix as a high-priority update due. The company has refrained from disclosing technical details until the majority of users and vendors employing the Chromium browser engine implement the fixes.

Security analysts note that Google TAG researchers reported CVE-2023-6345, highlighting its connection to spyware and APT activity. Comparisons are drawn with a previous similar flaw (CVE-2023-2136), suggesting the latest patch aims to prevent attackers from bypassing the earlier update.

More Security Patches

Alongside the zero-day fix, Google has released a total of seven security updates addressing various vulnerabilities:

  • CVE-2023-6348: Type Confusion in Spellcheck
  • CVE-2023-6347: Use after free in Mojo
  • CVE-2023-6346: Use after free in WebAudio
  • CVE-2023-6350: Out of bounds memory access in libavif
  • CVE-2023-6351: Use after free in libavif

This latest announcement marks the fourth zero-day vulnerability Google has disclosed and patched in its Chrome browser this year.

Update Google Chrome

As we said earlier, patches and updates are the best way to fix vulnerabilities. So if you’re using Mac or Linux, the update will take your browser to version 119.0.6045.199, while Windows users will be upgraded to version 119.0.6045.199/.200. To check if the update is available, go to “Help” in your Google Chrome menu, and then click on “About”. If the update is ready, it will automatically start downloading.

Update google chrome
Google Chrome update downloading window

It may take a few days for the update to be available to everyone. Once you have installed the update, make sure to restart your browser for the changes to take effect. Otherwise, your browser will remain vulnerable to attacks.

Google Addresses Zero-Day Vulnerability in Chrome

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

Leave a comment

Your email address will not be published. Required fields are marked *