Ensure Your Chrome Browser is Up-to-Date to Prevent Exploits Currently in Circulation

Online Security: Update Your Chrome Browser to Prevent Exploits Currently in Circulation | Mr. Business Magazine

A crucial security update has been released for certain Chrome browser users on Mac, Linux, and Windows, addressing a zero-day vulnerability that poses a risk of data theft and potential cyberattacks. Google acknowledged the existence of an exploit for CVE-2023-6345 in the wild through a Chrome stable channel update on Tuesday. The vulnerability, identified on November 24th by two security researchers within Google’s Threat Analysis Group (TAG), involves an integer overflow weakness affecting Skia, the open-source 2D graphics library in the Chrome graphics engine. While specific details about the exploit are limited, Google traditionally withholds information to prevent potential exploitation.

The update, version 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows addresses the issue, and users are advised to manually update if automatic updates are not enabled. Google indicates that the fix will be rolled out over the coming days/weeks.

Chrome Browser Security Updates:

The critical security update, now available for Chrome users on Mac, Linux, and Windows, addresses a zero-day vulnerability that could expose systems to data theft and cyberattacks. Google’s confirmation of the existence of an exploit for CVE-2023-6345 “in the wild” was part of a Chrome stable channel update on Tuesday. Discovered on November 24th by security researchers in Google’s Threat Analysis Group (TAG), the vulnerability is associated with an integer overflow weakness affecting Skia, the open-source 2D graphics library within the Chrome graphics engine.

While Google has not disclosed many details about the CVE-2023-6345 exploit, this approach is standard practice for tech companies to prevent potential attackers from leveraging detailed information. The exploit, as outlined in Chrome update notes, allowed at least one attacker to potentially perform a sandbox escape via a malicious file. Sandbox escapes can enable the injection of malicious code into vulnerable systems, leading to the theft of sensitive user data.

Updations:

For users with automatic updates enabled, the Chrome browser should already receive the necessary security patch. However, those without automatic updates are urged to manually update their Chrome browser to the latest version (119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows) within the Google Chrome browser settings. Google notes that the fix will be rolled out over the coming days/weeks, emphasizing the importance of prompt updates to prevent system vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday that a critical vulnerability, prompting an emergency update for the Chrome browser by Google, has been actively exploited on the open internet. This bug, impacting the 2D graphics-rendering code Skia, has been officially listed in the agency’s Known Exploited Vulnerabilities (KEV) catalog. Google released a security fix on Tuesday for this vulnerability, identified as CVE-2023-6345, acknowledging the existence of an exploit in the wild without providing extensive details.

Curious to learn more? Explore our articles on Mr. Business Magazine

Share Now:

Facebook
Twitter
LinkedIn