Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild.
Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library.
Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw on November 24, 2023.
As is typically the case, the search giant acknowledged that “an exploit for CVE-2023-6345 exists in the wild,” but stopped short of sharing further details about the nature of the attacks and the threat actors that may be weaponizing it in real-world attacks.
It's worth noting that Google released patches for a similar integer overflow flaw in the same component (CVE-2023-2136) in April 2023 that had also come under active exploitation as a zero-day, raising the possibility that CVE-2023-6345 could be a patch bypass for the former.
CVE-2023-2136 is said to have “allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”
With the latest update, the tech giant has addressed a total of six zero-days in Chrome since the start of the year:
- CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
Users are advised to upgrade to Chrome version 119..6045.199/.200 for Windows and 119..6045.199 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Some parts of this article are sourced from:
thehackernews.com