Update Google Chrome now - another zero-day security flaw has been found

TAG found a Google Chrome zero-day that’s actively being abused in the wild

If you’re a Google Chrome user, make sure to check for the latest update, because Google just patched its sixth zero-day vulnerability of the year.

The vulnerability, stemming from an integer overflow weakness in the Skia open-source 2D graphics library, is being actively abused in the wild, so don’t wait to update your browser.

The vulnerability was discovered late last week by two security researchers working with Google’s Threat Analysis Group (TAG). This department is usually tasked with finding zero-day vulnerabilities in endpoints and tracking state-sponsored threat actors, so it’s safe to assume that at least one of the groups exploiting this flaw was state-sponsored.

No further details

Google said it will not disclose more details about this vulnerability until the majority of the browsers have been updated. The earliest secure version is 119.0.6045.199/.200 for Windows users and 119.0.6045.199 for Mac and Linux users.
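For anyone checking more than one machine, the version floor above can be applied to an inventory export. The following is an added example, not code from Google or from this article; the host names and inventory rows are constructed, and only the minimum versions come from the text.

```python
import re

# First fixed Chrome builds for CVE-2023-6345, as stated in the article.
MIN_FIXED = {
    "windows": (119, 0, 6045, 199),
    "mac": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
}

# Matches MAJOR.MINOR.BUILD.PATCH anywhere in the string, so both a bare
# version and "Google Chrome 119.0.6045.159" style output are accepted.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the version as a tuple of four ints, or None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    minimum = MIN_FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "119.0.6045.99" above "119.0.6045.199".
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """Return (host, status) for every install that is not confirmed patched."""
    results = [(host, classify(plat, ver)) for host, plat, ver in inventory]
    return [(host, status) for host, status in results if status != "patched"]


# Constructed inventory rows (hypothetical hosts): host, platform, version.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "119.0.6045.200"),
    ("ws-002", "windows", "119.0.6045.99"),
    ("mb-003", "mac", "119.0.6045.199"),
    ("lx-004", "linux", "Google Chrome 119.0.6045.159"),
    ("lx-005", "linux", "unknown"),
    ("ws-006", "windows", "118.0.5993.117"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Rows reported as "unknown" are installs whose platform or version string could not be read and need a manual check.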

While Google usually rolls out the patch slowly across different regions, when we checked for updates, it was already available (version 119.0.6045.200). “Google is aware that an exploit for CVE-2023-6345 exists in the wild,” the company said.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” the company said.

Withholding details is standard practice for vulnerabilities that are being actively exploited, as sharing more could motivate other attackers to develop their own malware.

Google has so far fixed six zero-day vulnerabilities this year, including two that were addressed in September - CVE-2023-5217 and CVE-2023-4863. These two were also being abused in the wild, Google said at the time.

Chrome is one of the world’s most popular browsers, making it an attractive target for criminals.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
