Security News > 2023 > November > Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes
Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there.
Google doesn't provide a whole lot of detail about the bug, nor any details about who may be exploiting it and to what nefarious end.
Networking kit vendor Zyxel issued patches for six vulnerabilities, including three critical 9.8-rated bugs that could allow an unauthenticated attacker to execute some operating system commands on network-attached storage products.
In addition to the CVE with exploit code in the wild, the latest Chrome release addresses five other high-severity flaws.
Google pushed patches for three use-after-free flaws: one in Mojo tracked as CVE-2023-6347, and one in WebAUdio tracked as CVE-2023-6346, and one in libavif tracked as CVE-2023-6351.
Google isn't aware of any in-the-wild exploits for these issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/30/chrome_zeroday/
Related news
- Google Chrome to block admin-level browser launches for better security (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Chrome to use on-device AI to detect tech support scams (source)
- Google fixes high severity Chrome flaw with public exploit (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-29 | CVE-2023-6351 | Use After Free vulnerability in multiple products Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. | 8.8 |
| 2023-11-29 | CVE-2023-6347 | Use After Free vulnerability in multiple products Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-29 | CVE-2023-6346 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |