Security News > 2023 > November > Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
2023-11-29 04:27
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been
News URL
https://thehackernews.com/2023/11/zero-day-alert-google-chrome-under.html
Related news
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Google Chrome gets real-time phishing protection later this month (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Chrome: Security and UI Tips You Need to Know (source)
- Google Chrome's new post-quantum cryptography may break TLS connections (source)
- Google Chrome is getting native support for YouTube-like video chapters (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Google Introduces Enhanced Real-Time URL Protection for Chrome Users (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-29 | CVE-2023-6345 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. | 9.6 |