Thursday, December 12, 2024
Homecyber securityChrome Zero-Day Vulnerability That Exploited In The Wild

Chrome Zero-Day Vulnerability That Exploited In The Wild

Published on

SIEM as a Service

Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this year. The flaw, identified as CVE-2023-6345, is classified as an integer overflow in Skia, an open-source 2D graphics library written in C++.

“Google is aware that an exploit for CVE-2023-6345 exists in the wild,” Google said.

There are several potential risks associated with this high-severity zero-day vulnerability, including the execution of arbitrary code and crashes.

- Advertisement - SIEM as a Service

On November 24, 2023, Benoît Sevens and Clément Lecigne from Google’s Threat Analysis Group reported the issue.

Google has upgraded the Stable channel version 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows, addressing the year’s sixth actively exploited zero-day vulnerability. This upgrade will be rolled out over the next few days/weeks.

Additionally, Google has fixed six high-severity security vulnerabilities with this update.

Details of the Vulnerabilities Addressed

Type Confusion in Spellcheck is a high-severity bug that is being tracked as CVE-2023-6348. Mark Brand from Google Project Zero reported the issue.

Use after free in Mojo is the next high-severity bug, tagged as CVE-2023-6347. 360 Vulnerability Research Institute’s Leecraso and Guang Gong reported the issue, and they were rewarded with a bounty of $31,000.

Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Use after free in WebAudio is a high-severity issue identified as CVE-2023-6346. Following Huang Xilin of Ant Group Light-Year Security Lab’s disclosure, a $10,000 prize was given out.

A High severity bug in libavif, Out-of-bounds memory access, is tagged as CVE-2023-6350. Fudan University reported it, and $7000 was given out.

Use after free in libavif is a high-severity bug identified as CVE-2023-6351. Fudan University reported it, and $7000 was given out.

Update Now

To stop exploitation, Google highly advises users to update their Chrome web browser right away. The following are the easy procedures that you must follow to update the Chrome web browser:-  

  • Go to the Settings option.
  • Then select About Chrome.
  • Wait, as Chrome will automatically fetch and download the latest update.
  • Once the installation process completes, you have to restart Chrome.
  • That’s it. Now you are done.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

GitLab Security Update, Patch for Critical Vulnerabilities

GitLab announced the release of critical security patches for its Community Edition (CE) and...

BadRAM Attack Breaches AMD Secure VMs with $10 Device

Researchers have uncovered a vulnerability that allows attackers to compromise AMD's Secure Encrypted Virtualization...

Splunk RCE Vulnerability Let Attackers Execute Remote Code

Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution...

Europol Shutsdown 27 DDoS Service Provider Platforms

In a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

GitLab Security Update, Patch for Critical Vulnerabilities

GitLab announced the release of critical security patches for its Community Edition (CE) and...

BadRAM Attack Breaches AMD Secure VMs with $10 Device

Researchers have uncovered a vulnerability that allows attackers to compromise AMD's Secure Encrypted Virtualization...

Splunk RCE Vulnerability Let Attackers Execute Remote Code

Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution...