Security News > 2023 > November > Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)
Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability that is being actively exploited in the wild.
CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group, is due to an integer overflow in Skia - an open source 2D graphics library commonly used as a graphics engine for Google Chrome, ChromeOS, Android, Flutter, and others.
The company says that the vulnerability is being exploited by attackers, but will not be sharing further details until most users have applied the update.
The company has addressed the vulnerabilities in the Stable channel and users are advised to update to versions 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows, which will roll out over the coming days/weeks.
Google has recently had to fix several zero days in its Chrome browser that have been actively exploited in the wild.
In late September, Google fixed another heap buffer overflow vulnerability, this time in vp8 encoding in libvpx - a Google and AOMedia video codec library.
News URL
https://www.helpnetsecurity.com/2023/11/29/cve-2023-6345/
Related news
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Chrome gets real-time phishing protection later this month (source)
- Google Introduces Enhanced Real-Time URL Protection for Chrome Users (source)
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Miscreants are exploiting enterprise tech zero days more and more, Google warns (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- Google agrees to delete Chrome browsing data of 136 million users (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google fixes two Pixel zero-day flaws exploited by forensics firms (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-29 | CVE-2023-6345 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. | 9.6 |