Security News > 2023 > November > Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes
Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there.
Google doesn't provide a whole lot of detail about the bug, nor any details about who may be exploiting it and to what nefarious end.
Networking kit vendor Zyxel issued patches for six vulnerabilities, including three critical 9.8-rated bugs that could allow an unauthenticated attacker to execute some operating system commands on network-attached storage products.
In addition to the CVE with exploit code in the wild, the latest Chrome release addresses five other high-severity flaws.
Google pushed patches for three use-after-free flaws: one in Mojo tracked as CVE-2023-6347, and one in WebAUdio tracked as CVE-2023-6346, and one in libavif tracked as CVE-2023-6351.
Google isn't aware of any in-the-wild exploits for these issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/30/chrome_zeroday/
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-29 | CVE-2023-6351 | Use After Free vulnerability in multiple products Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. | 8.8 |
| 2023-11-29 | CVE-2023-6347 | Use After Free vulnerability in multiple products Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-11-29 | CVE-2023-6346 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |