If you are one of the millions of worldwide Chrome users, it's time for yet another update.
A sixth zero-day exploit has been discovered in Chrome and the update was released shortly after.
If you're uncertain as to what a zero-day vulnerability is, it's simply a vulnerability that has been discovered but not yet patched.
Also: Android's September security update fixes actively exploited zero-day and more.
The exploit in question is CVE-2023-6345 and does exist in the wild.
According to Tenable, the official description of this vulnerability is, "Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file."
The Chrome Stable channel has been updated to 119.0.6045 for both Linux and Mac and 119.0.6045.199/.200 for Windows.
Although the update hasn't been rolled out for every user, Google has confirmed it will happen over the coming days/weeks.
It is the final vulnerability, listed above, that is the zero-day exploit.
It's interesting to know that this vulnerability is listed as High and not Critical.
Any bug listed as High should be considered a must-patch.
Other than saying this vulnerability exists in the wild, Google has been a bit hush-hush about it.
You can read Google's official statement about the issue.
Also: Hands on with Google's new Titan Security Keys - and why they still have their place.
To find out which version of Chrome you are using, go to Settings > About Chrome, where you'll see the version number.
If there is an update available, make sure to click Relaunch, so the updates will be applied.
If you find your version is out-of-date, you can always go to the Chrome download page, download the latest version, and install it.
This Cyber News was published on www.zdnet.com. Publication date: Sat, 02 Dec 2023 15:13:06 +0000