Security News > 2023 > November > Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes
Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there.
Google doesn't provide a whole lot of detail about the bug, nor any details about who may be exploiting it and to what nefarious end.
Networking kit vendor Zyxel issued patches for six vulnerabilities, including three critical 9.8-rated bugs that could allow an unauthenticated attacker to execute some operating system commands on network-attached storage products.
In addition to the CVE with exploit code in the wild, the latest Chrome release addresses five other high-severity flaws.
Google pushed patches for three use-after-free flaws: one in Mojo tracked as CVE-2023-6347, and one in WebAUdio tracked as CVE-2023-6346, and one in libavif tracked as CVE-2023-6351.
Google isn't aware of any in-the-wild exploits for these issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/30/chrome_zeroday/
Related news
- Google Chrome: Security and UI Tips You Need to Know (source)
- Google Chrome gets real-time phishing protection later this month (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Google Chrome's new post-quantum cryptography may break TLS connections (source)
- Google Chrome is getting native support for YouTube-like video chapters (source)
- Google Introduces Enhanced Real-Time URL Protection for Chrome Users (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-29 | CVE-2023-6351 | Use After Free vulnerability in multiple products Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. | 8.8 |
2023-11-29 | CVE-2023-6347 | Use After Free vulnerability in multiple products Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-11-29 | CVE-2023-6346 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |