You Should Update Chrome Right Now (Again)

Consideration Chrome and Chromium-browser customers: Your web exercise is weak to cyberattacks, except you replace to the newest model of your browser.

On Tuesday, Google introduced on the Chrome Releases weblog {that a} new model of Chrome, 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Home windows, is obtainable, and patches seven completely different safety vulnerabilities. All of those found points are rated as “excessive” in severity, however Google solely names six of them:

  • Excessive CVE-2023-6348: Sort Confusion in Spellcheck. Reported by Mark Model of Google Mission Zero on 2023-10-10

  • Excessive CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Analysis Institute on 2023-10-21

  • Excessive CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Mild-Yr Safety Lab on 2023-11-09

  • Excessive CVE-2023-6350: Out of bounds reminiscence entry in libavif. Reported by Fudan College on 2023-11-13

  • Excessive CVE-2023-6351: Use after free in libavif. Reported by Fudan College on 2023-11-13

  • Excessive CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google’s Menace Evaluation Group on 2023-11-24

Whereas all vulnerabilities are vital to patch, it is the final one, CVE-2023-6345, that is essentially the most regarding. Google confirmed it’s conscious an exploit for this vulnerability exists within the wild, which suggests dangerous actors both know easy methods to use it towards customers, or they have already got.

We do not know a lot concerning the difficulty, aside from that it is an integer overflow flaw in Skia. Skia is an open supply 2D graphics engine, whereas an integer overflow happens when the results of an operation would not match the respective quantity of reminiscence the system units apart. Whereas not all integer overflow flaws result in vulnerabilities, this one does—which suggests dangerous actors could possibly use it to take over the system.

This replace follows a Nov. 14 replace that patched 4 safety flaws, in addition to a Nov. 7 replace that patched one. The final replace that patched a zero-day safety flaw was issued Sept. 11.

The way to replace your browser

As this flaw impacts the underlying code utilized in Chrome, all Chromium-based browsers ought to be up to date to patch this difficulty. Which means Chrome, after all, but additionally browsers like Edge, Opera, and Courageous.

Your browser could also be set to replace robotically, however you’ll be able to set off an replace manually if the replace hasn’t been put in but. Normally, that is within the browser’s settings. In Chrome, for instance, you’ll be able to click on the three dots within the top-right nook of the window, head to Assist > About Google Chrome, then permit the browser to search for an replace. If one is obtainable, observe the on-screen directions to put in the replace.

Info: This put up is rewritten with inspiration from the unique URL. Please click on on the supply hyperlink to learn the unique put up

Supply Hyperlink :

Related Articles

Back to top button