Google has released a critical security update for Chrome users on Mac, Linux, and Windows, addressing a zero-day vulnerability identified as CVE-2023-6345. The Verge reports that this vulnerability, discovered by Google’s Threat Analysis Group on Nov. 24, poses a significant risk, potentially allowing hackers to access personal data and deploy malicious code.
CVE-2023-6345 is an integer overflow weakness within Skia, the open-source 2D graphics library used in Google Chrome’s graphics engine. Attackers could use this vulnerability to escape the sandbox with a malicious file, risking system infection and data theft. Google, like many tech companies, is withholding details about the exploit to prevent further risks.
Immediate action recommended for Google Chrome users
Users with automatic Chrome updates enabled may not need to take further action. For those who update Chrome manually, it’s crucial to install the latest version as soon as possible. The updated versions are 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows. This update is part of Google’s ongoing efforts to enhance security and protect user data, with the fix rolling out progressively over the next few days and weeks.
Google’s prompt response to this zero-day vulnerability underscores the importance of regular software updates as a defense against cyber threats. Users are advised to keep their systems updated and stay vigilant against potential cyber attacks.