If you’re one of many thousands and thousands of worldwide Chrome customers, it is time for one more replace. That is proper, a sixth zero-day exploit has been found in Chrome and, happily, the replace was launched shortly after.
If you happen to’re unsure as to what a zero-day vulnerability is, it is merely a vulnerability that has been found however not but patched.
Additionally: Android’s September safety replace fixes actively exploited zero-day and extra
The exploit in query is CVE-2023-6345 and does exist within the wild. In response to Tenable, the official description of this vulnerability is, “Integer overflow in Skia in Google Chrome previous to 119.0.6045.199 allowed a distant attacker who had compromised the renderer course of to doubtlessly carry out a sandbox escape by way of a malicious file. (Chromium safety severity: Excessive).”
The Chrome Steady channel has been up to date to 119.0.6045 for each Linux and Mac and 119.0.6045.199/.200 for Home windows. Though the replace hasn’t been rolled out for each person, Google has confirmed it would occur over the approaching days/weeks.
This replace contains seven totally different safety fixes (together with for the zero-day exploit), that are:
- CVE-2023-6348: Kind Confusion in Spellcheck
- CVE-2023-6347: Use after free in Mojo.
- CVE-2023-6346: Use after free in WebAudio.
- CVE-2023-6350: Out of bounds reminiscence entry in libavif.
- CVE-2023-6351: Use after free in libavif.
- CVE-2023-6345: Integer overflow in Skia.
It’s the ultimate vulnerability, listed above, that’s the zero-day exploit. It is fascinating to know that this vulnerability is listed as Excessive and never Crucial. Even so, any bug listed as Excessive must be thought of a must-patch. Aside from saying this vulnerability exists within the wild, Google has been a bit hush-hush about it. You possibly can learn Google’s official assertion in regards to the subject.
Additionally: Palms on with Google’s new Titan Safety Keys – and why they nonetheless have their place
To search out out which model of Chrome you’re utilizing, go to Settings > About Chrome, the place you may see the model quantity. If there may be an replace obtainable, be certain to click on Relaunch, so the updates can be utilized. If you happen to discover your model is out-of-date, you’ll be able to at all times go to the Chrome obtain web page, obtain the most recent model, and set up it.
Info: This publish is rewritten with inspiration from the unique URL. Please click on on the supply hyperlink to learn the unique publish
Supply Hyperlink : https://www.zdnet.com/article/you-should-probably-update-your-google-chrome-browser-this-weekend/#ftag=RSSbaffb68