Security News > 2023 > November > Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes
Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there.
Google doesn't provide a whole lot of detail about the bug, nor any details about who may be exploiting it and to what nefarious end.
Networking kit vendor Zyxel issued patches for six vulnerabilities, including three critical 9.8-rated bugs that could allow an unauthenticated attacker to execute some operating system commands on network-attached storage products.
In addition to the CVE with exploit code in the wild, the latest Chrome release addresses five other high-severity flaws.
Google pushed patches for three use-after-free flaws: one in Mojo tracked as CVE-2023-6347, and one in WebAUdio tracked as CVE-2023-6346, and one in libavif tracked as CVE-2023-6351.
Google isn't aware of any in-the-wild exploits for these issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/30/chrome_zeroday/
Related news
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- AlmaLinux 9.5 released: Security updates, new packages, and more! (source)
- Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 (source)
- Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (source)
- Wireshark 4.4.2: Security updates, bug fixes, updated protocol support (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-29 | CVE-2023-6351 | Use After Free vulnerability in multiple products Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. | 8.8 |
| 2023-11-29 | CVE-2023-6347 | Use After Free vulnerability in multiple products Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-29 | CVE-2023-6346 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |