Google issues an emergency update to fix zero-day exploit for Chrome. Other browsers like Edge also affected [View all]

Emergency fixes for other Chromium-based browsers have been released recent days.
That includes Edge, Opera, Vivaldi and Brave. If your browser has not been updated
since November 28, check for updates now.

__________________________________________________

Source: ZDNet.com

Google issues an emergency update to fix yet another zero-day exploit for Chrome. Here's what to know

2023 has been a banner year for zero-day exploits in Chrome and Google has patched its 6th and this one is considered an "emergency."

Written by Jack Wallen, Contributing Writer
Nov. 30, 2023 at 7:27 a.m. PT

If you are one of the millions of worldwide Chrome users, it's time for yet another update. That's right, a sixth zero-day exploit has been discovered in Chrome and, fortunately, the update was released shortly after.

If you're uncertain as to what a zero-day vulnerability is, it's simply a vulnerability that has been discovered but not yet patched.

The exploit in question is CVE-2023-6345 and does exist in the wild. According to Tenable, the official description of this vulnerability is, "Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)."

-snip-

CVE-2023-6345: Integer overflow in Skia.

It is the final vulnerability, listed above, that is the zero-day exploit. It's interesting to know that this vulnerability is listed as High and not Critical. Even so, any bug listed as High should be considered a must-patch. Other than saying this vulnerability exists in the wild, Google has been a bit hush-hush about it. You can read Google's official statement about the issue.

-snip-

Read more: https://www.zdnet.com/article/google-issues-an-emergency-update-to-fix-yet-another-zero-day-exploit-for-chrome-heres-what-to-know/