Google has today updated Chrome to Chrome version 119.0.6045.199 /200 due to a Zero-Day used by cyber-attacks.
Google has released a security update to fix seven security issues in its Chrome browser, including a zero-day that has become an active hacking tool.
The vulnerability CVE-2023-6345 has been classified as a high severity vulnerability and described as an Integer overflow bug in “Skia”, acase open source 2D graphics.
It was discovered by Benoît Sevens and her Clément Lecigne teams Threat Analysis Group (TAG) of Google and reported it to the company on November 24, 2023. It is such a serious vulnerability, which is already causing system breaches, that Google although did not share additional information about the nature of the attacks and the threat actors that carry out global attacks, immediately rushed to issue a security update.
It's worth noting that Google released patches for a similar Integer overflow flaw in the same component ( CVE-2023-2136 ) in April 2023, which was also actively exploited as a zero-day, raising the possibility that CVE-2023 -6345 could be a bypass patch for the first one.
With the latest update, Google has faced a total of six zero-days in Chrome since the beginning of the year –
Recommended to users to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to mitigate potential threats.
It is also recommended to users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi to apply the patches when they become available.
