Google Chrome Fixes Zero Day Vulnerability

Google Chrome Fixes Zero Day Vulnerability

Google released an update for Chrome 117 with 10 new security fixes, including one for a vulnerability that is known to have already been exploited. The update addresses a new actively exploited zero-day vulnerability that could lead to program crashes or arbitrary code execution.

Google has released a number of security updates to fix zero-day vulnerabilities in Chrome:

  • CVE-2023-4863: A zero-day heap buffer overflow vulnerability in Google Chrome’s WebP
  • CVE-2023-6345: A zero-day vulnerability that is being actively exploited in the wild

To avoid your system being left exposed, you can manually update to the latest version of Chrome:

  • Mac and Linux: 119.0.6045.199
  • Windows: 119.0.6045.199/.200

As is typically the case, the search giant acknowledged that “an exploit for CVE-2023-6345 exists in the wild,” but stopped short of sharing additional information surrounding the nature of attacks and the threat actors that may be weaponizing it in real-world attacks.

It’s worth noting that Google released patches for a similar integer overflow flaw in the same component (CVE-2023-2136) in April 2023 that had also come under active exploitation as a zero-day, raising the possibility that CVE-2023-6345 could be a patch bypass for the former.

CVE-2023-2136 is said to have “allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

With the latest update, the tech giant has addressed a total of seven zero-days in Chrome since the start of the year –

  • CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
  • CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-4762 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
  • CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx

Users are recommended to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Share This:
Tags:

California18

Welcome to California18, your number one source for Breaking News from the World. We’re dedicated to giving you the very best of News.

Leave a Reply