Google Chrome Update Fixes High-Severity Zero-Day Vulnerability That Was Actively Exploited


Google is rolling out a security patch for its Chrome web browser that fixes a security flaw that could allow a malicious user to run dangerous code on a user’s computer. The update is available for Windows, macOS, and Linux computers and users should install the latest version in order to remain protected from the zero-day vulnerability — the sixth one to be patched by Google this year. The company is expected to provide more information once the update has been rolled out to several users.

Spotted by Android Central, the update to Google Chrome 119.0.6045.199 for macOS and Linux began rolling out to users earlier this week, alongside version 119.0.6045.200 for Windows computers with a fix for a zero-day vulnerability in tow. These are flaws that were previously unknown to the developers of the software, making them a target for malicious users.

With the latest Google Chrome update, the company has patched the security bug tracked by the National Institute of Standards and Technology (NIST) as CVE-2023-6345. While the company hasn’t revealed a great deal of information related to the security flaw, the firm says it knows that “an exploit for CVE-2023-6345 exists in the wild” in its release notes for the latest update. Users should enable automatic updates for Chrome or manually update to the latest versions in order to get the latest fixes.

Meanwhile, the entry for the vulnerability on the NIST website has been assigned a “High” severity level. The description states that it is related to the open source Skia library that is used in Google Chrome. An attacker could use a malicious file to compromise the renderer process and escape the sandbox — a system designed to separate the browser and the system, to keep the latter protected.

The company credits Benoît Sevens and Clément Lecigne from its Threat Analysis Group (TAG) with discovering the vulnerability that was found on November 24 and swiftly patched by the company. At the moment, it is unclear whether other browsers and applications that are also based on Google’s open-source Chromium browser project are also affected by the flaw, or when they will receive updates with security patches.

Affiliate links may be automatically generated – see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Nothing Phone 2 Price in India Gets a Permanent Price Cut; Now Starts at Rs. 39,999

UN to Educate Over 22,000 Staff Members on Blockchain, Web3: Here’s Why

Related Stories

Articles You May Like

Marshall Minor IV With 12mm Dynamic Drivers, Bluetooth Multipoint Support Launched in India
Google’s Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
Elon Musk drops suit against OpenAI and Sam Altman
Samsung Galaxy Watch FE Price, Colour Options Listed on Amazon Ahead of Debut
Apple Planning AI Integrations With Google Gemini and Other AI Models in the Future: Report