Latest Chrome Browser Update Fixes Critical Security Flaw
Google has issued a critical security update for Chrome on macOS, Windows, and Linux that fixes a zero-day vulnerability in the browser. On Tuesday, Google in a Chrome stable channel update said it “is aware that an exploit for CVE-2023-6345 exists in the wild.”
Google has not provided further details about the CVE-2023-6345 exploit, which was discovered last week by security researchers in Google’s Threat Analysis Group (TAG). However, it is believed to be related to Skia, the open-source 2D graphics library in the Chrome graphics engine.
According to the notes for the macOS update 119.0.6045.199, the exploit allowed at least one attacker to “potentially perform a sandbox escape via a malicious file,” which could theoretically result in arbitrary code execution and data theft.
Users who have Chrome browser set up to automatically update should not need to do anything. Anyone else is advised to manually update immediately (version 119.0.6045.199 on macOS) to avoid the risk posed by the zero-day exploit. In Chrome settings, click the About Chrome tab, and click Update Google Chrome. If there is no option to update, you are already on the latest version.
Comments are closed.