Google has rolled out security updates to take care of 7 security issues in its Chrome browser, together with a zero-working day that has come below lively exploitation in the wild.
Tracked as CVE-2023-6345, the higher-severity vulnerability has been described as an integer overflow bug in Skia, an open up source 2D graphics library.
Benoît Sevens and Clément Lecigne of Google’s Danger Examination Group (TAG) have been credited with exploring and reporting the flaw on November 24, 2023.
As is typically the case, the look for big acknowledged that “an exploit for CVE-2023-6345 exists in the wild,” but stopped brief of sharing further facts bordering the nature of attacks and the risk actors that could be weaponizing it in real-entire world assaults.
It can be worthy of noting that Google unveiled patches for a identical integer overflow flaw in the same element (CVE-2023-2136) in April 2023 that experienced also appear less than lively exploitation as a zero-working day, raising the risk that CVE-2023-6345 could be a patch bypass for the previous.
CVE-2023-2136 is stated to have “authorized a distant attacker who experienced compromised the renderer procedure to potentially complete a sandbox escape via a crafted HTML web page.”
With the hottest update, the tech giant has addressed a total of 6 zero-days in Chrome since the get started of the calendar year –
- CVE-2023-2033 (CVSS rating: 8.8) – Form confusion in V8
- CVE-2023-2136 (CVSS rating: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS rating: 8.8) – Form confusion in V8
- CVE-2023-4863 (CVSS rating: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS rating: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
Buyers are advised to enhance to Chrome version 119..6045.199/.200 for Windows and 119..6045.199 for macOS and Linux to mitigate probable threats. People of Chromium-primarily based browsers these types of as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to utilize the fixes as and when they grow to be available.
Discovered this article interesting? Follow us on Twitter and LinkedIn to browse extra distinctive articles we post.
Some parts of this article are sourced from:
thehackernews.com