Google is warning Chrome users about an actively exploited zero-day vulnerability. A security update is available.
The tech giant discovered the CVE-2023-6345 vulnerability itself and marks it as very important. The bug affects the so-called Skia graphics engine. The Chrome browser uses this particular engine to display text and graphics. Another security vulnerability was also found in the Skia engine in Google Chrome in April of this year.
Details
Hackers can run arbitrary code within the context of the browser via the vulnerability. This is used for stealing sensitive data from end users. It also includes vulnerabilities that allow escaping from the Chrome sandbox.
Patch available
The recently discovered zero-day, along with other bugs, is fixed in a new update to the browser. Google Chrome version 119.0.6045.199/.200 is available for Windows. For Linux and macOS, version 119.0.6045.199 has been released. The Microsoft Edge browser, which is also based on the Google Chromium browser code, has not yet received an update.
Normally, updates to the browser occur automatically, but this can take up to a week. In the case of actively abused zero-days, manual installation of the update can be convenient.
Also read: Google implements new security and AI features in Chrome browser
23 hours ago
