Google has today updated Chrome to Chrome version 119.0.6045.199 /200 due to a Zero-Day used by cyber-attacks.
Google has released a security update to fix seven security issues in its Chrome browser, including a zero-day that has become an active hacking tool.
The CVE-2023-6345 vulnerability has been classified as a high severity vulnerability and has been described as an Integer overflow bug in “Skia”, an open source 2D graphics library.
It was discovered by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) and reported to the company on November 24, 2023. It is such a serious vulnerability, which is already causing system breaches, that Google although did not share additional information about with the nature of the attacks and the threat actors carrying out global attacks, it immediately rushed to issue a security update.
It's worth noting that Google released patches for a similar Integer overflow flaw in the same component ( CVE-2023-2136 ) in April 2023, which was also actively exploited as a zero-day, raising the possibility that CVE-2023 -6345 could be a bypass patch for the first one.
With the latest update, Google has faced a total of six zero-days in Chrome since the beginning of the year –
Recommended users to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to mitigate potential threats.
It is also recommended users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi to apply the patches when they become available.