Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes

Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there.
Google doesn't provide a whole lot of detail about the bug, nor any details about who may be exploiting it and to what nefarious end.
Networking kit vendor Zyxel issued patches for six vulnerabilities, including three critical 9.8-rated bugs that could allow an unauthenticated attacker to execute some operating system commands on network-attached storage products.
In addition to the CVE with exploit code in the wild, the latest Chrome release addresses five other high-severity flaws.
Google pushed patches for three use-after-free flaws: one in Mojo tracked as CVE-2023-6347, one in WebAudio tracked as CVE-2023-6346, and one in libavif tracked as CVE-2023-6351.
Google isn't aware of any in-the-wild exploits for these issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/30/chrome_zeroday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-29 | CVE-2023-6351 | Use After Free vulnerability in multiple products: Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. | 8.8 |
2023-11-29 | CVE-2023-6347 | Use After Free vulnerability in multiple products: Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-11-29 | CVE-2023-6346 | Use After Free vulnerability in multiple products: Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |