According to MacRumors , Google has released a critical security update for Chrome on macOS, Windows, and Linux to fix a zero-day vulnerability that is being actively exploited. In the Chrome update, Google said it was "aware that CVE-2023-6345 is in the wild."
Chrome browser has serious zero-day vulnerability
Discovered by security researchers at Google's Threat Analysis Group (TAG) last week, the new vulnerability is believed to be related to the Skia open-source 2D graphics library in Chrome's graphics engine. Google has not provided further details on how the CVE-2023-6345 vulnerability is being exploited, as it does not want to alert bad actors.
According to the macOS update 119.0.6045.199 notes, the exploit allows one or more attackers to “potentially perform an escape from the sandbox via a malicious file,” which could theoretically lead to them executing arbitrary code and stealing data.
By default, Chrome automatically updates itself when a new version is available. However, users should also manually update immediately to avoid the risk of zero-day exploits. In Chrome settings, click the About Chrome tab and click Update Google Chrome. If there is no option to update, you are already upgraded to the latest version.
This year, Google has fixed six zero-day vulnerabilities, including two that were also abused and addressed in September: CVE-2023-5217 and CVE-2023-4863.
Source link
Comment (0)