
One More Google Chrome Update Arrives With A Zero-Day Patch

by Abeerah Hashim

Heads up, Chrome users! Google has released another major Chrome browser update addressing a zero-day vulnerability under attack. Users should update every device that has Chrome installed to avoid potential threats.

Google Patched One More Chrome Zero-Day Vulnerability

As we reach the end of 2023, the tech giant Google has fixed one more actively exploited zero-day in its Chrome browser, extending the trail of zero-day patches released this year.

According to the latest Chrome release for Desktop, the firm addressed several vulnerabilities affecting the Chrome browser, including an actively exploited zero-day. While the tech giant has maintained its policy of keeping the vulnerability details hidden for a while until most customers receive the update, it did share a list of the six high-severity security flaws riddling the browser. These include:

  • CVE-2023-6348: A type confusion vulnerability affecting Chrome Spellcheck. This vulnerability caught the attention of Google Project Zero researcher Mark Brand.
  • CVE-2023-6347: A use-after-free flaw in Mojo. Google acknowledged the researchers Leecraso and Guang Gong of 360 Vulnerability Research Institute for reporting the vulnerability, rewarding them with a $31,000 bounty.
  • CVE-2023-6346: Another use-after-free vulnerability impacting WebAudio. Google rewarded the researcher Huang Xilin of Ant Group Light-Year Security Lab with a $10,000 bounty for reporting this bug.
  • CVE-2023-6351: A use-after-free vulnerability affecting libavif, winning the Fudan University researchers a $7,000 bounty.
  • CVE-2023-6350: Another libavif vulnerability reported by Fudan University that earned them a $7,000 bounty. Google described it as an out-of-bounds memory access flaw.
  • CVE-2023-6345: The zero-day vulnerability that caught the attention of Google’s Threat Analysis Group researchers Clément Lecigne and Benoît Sevens. The advisory described it as an integer overflow vulnerability in Skia, for which Google confirmed detecting active exploitation.

The tech giant patched these vulnerabilities with Chrome Stable Channel 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows. Moreover, as stated in the relevant advisory, Google patched the same vulnerabilities with its Chrome browser for Android version 119 (119.0.6045.193).
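To turn the version numbers above into a fleet check, the following added example (not from Google's advisory or the original article) triages an asset inventory against the patched Stable builds. The platform labels, hostnames and inventory records are assumptions constructed for illustration; versions are compared numerically because a plain string comparison would wrongly rank 119.0.6045.66 above 119.0.6045.193.

```python
import re

# Minimum patched Stable builds, as quoted in the article.
# Platform keys are labels assumed for this example.
PATCHED = {
    "windows": (119, 0, 6045, 199),  # .199 and .200 both carry the fix
    "mac": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
    "android": (119, 0, 6045, 193),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull a four-part version out of text like 'Google Chrome 119.0.6045.160'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def triage(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    floor = PATCHED.get((platform or "").strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        # Unparseable or uncovered records need a manual look, not a pass.
        return "unknown"
    # Tuples compare component by component as integers.
    return "patched" if version >= floor else "vulnerable"

# Constructed sample inventory: (host, platform, reported version string).
INVENTORY = [
    ("ws-001", "Windows", "119.0.6045.200"),
    ("ws-002", "Windows", "Google Chrome 119.0.6045.160"),
    ("mac-01", "Mac", "119.0.6045.199"),
    ("lin-07", "Linux", "118.0.5993.117"),
    ("and-03", "Android", "119.0.6045.193"),
    ("and-04", "Android", "119.0.6045.66"),
    ("kiosk9", "ChromeOS", "119.0.6045.192"),  # platform not covered by the article
    ("ws-010", "Windows", "n/a"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as "unknown" should be followed up by hand, since the article only gives patched builds for the Stable channel on the four listed platforms.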
