CVE-2023-6345: Google Chrome Zero-Day Vulnerability
Google, a frontrunner in digital security, recently announced the rollout of patches addressing seven critical security flaws, including a particularly menacing zero-day vulnerability in its Chrome browser. This actively exploited flaw, tracked as CVE-2023-6345, could allow attackers to remotely execute code on affected devices.
This flaw is characterized as an integer overflow within Skia, a robust open-source 2D graphics library integral to Chrome’s functioning. Uncovered by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group (TAG) on November 24, 2023, this vulnerability stands out due to its active exploitation in the wild.
“Google is aware that an exploit for CVE-2023-6345 exists in the wild,” the company said.
Google TAG, acclaimed for its prowess in identifying zero-day vulnerabilities, often finds itself in a cat-and-mouse game with state-sponsored hacking groups. These nefarious entities exploit such vulnerabilities in spyware campaigns targeting high-profile individuals, including journalists and opposition politicians.
Apart from CVE-2023-6345, Google’s latest update remedies six additional security issues:
- CVE-2023-6348: A type confusion flaw in Spellcheck.
- CVE-2023-6347: Use-after-free in Mojo.
- CVE-2023-6346: Use-after-free in WebAudio.
- CVE-2023-6350 & CVE-2023-6351: Two distinct vulnerabilities involving out-of-bounds memory access and use-after-free in libavif.
These vulnerabilities, while not exploited in the wild like CVE-2023-6345, posed significant risks and underscored the diverse array of threats lurking in digital environments.
Google has responded swiftly, rolling out patched versions in the Stable Desktop channel. Windows users can update to versions 119.0.6045.199/.200, while Mac and Linux users should move to version 119.0.6045.199. This proactive step is crucial in safeguarding millions of users across various platforms.
Users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also at risk and are advised to stay vigilant and update their browsers as soon as patches are available.