Google has released a new emergency security update for Chrome to address a highly serious zero-day vulnerability currently being exploited by hackers.
As reported by BleepingComputer, the zero-day in question (tracked as CVE-2023-6345) has been patched in Chrome version 119.0.6045.199/.200 for Windows and version 119.0.6045.199 for Mac and Linux.
In an advisory released in conjunction with the emergency security update, the Chrome team explained that the update includes fixes for six other security flaws, all of which are high severity vulnerabilities. With this latest security update for the browser, Google has fixed a total of six zero-day vulnerabilities that hackers can exploit this year alone.
If you haven't updated Chrome recently, we encourage you to install this emergency security update as soon as possible. This is because there is a chance, albeit a relatively small one, that the patched zero-day vulnerability could be used by hackers in an attack. Still, cybercriminals often target users with outdated software, so it is always a good idea to keep your browser up-to-date.
As with other recent zero-day flaws, Google has not said much about how hackers are currently exploiting this zero-day flaw. However, this is fairly standard, and Apple is doing the exact same thing with its iPhone and Mac zero-day.
The reasoning behind this is quite simple. In this case, if Apple and Google talk too much about how hackers are using zero-day attacks, other cybercriminals may follow suit and develop their own exploits. By not revealing details for the time being, Google and other tech giants are giving users enough time to download and install the latest security updates.
The most recent highly serious zero-day flaw in Chrome is an integer overflow bug in the open source 2D graphics library Skia. Skia is also used in other products besides Chrome, including ChromeOS in the best Chromebooks, Android, and Flutter.
Since the flaw was discovered by two security researchers from Google's Threat Analysis Group (TAG), BleepingComputer believes that hackers may be exploiting it for spyware attacks. However, since this type of zero-day flaw is often used by state-sponsored hackers who target high-profile individuals such as journalists and politicians, most people would not have to worry about falling victim to an attack.
Nevertheless, keeping your browser up-to-date is one of the most important and easiest ways to protect yourself from hackers.
As mentioned before, installing the latest security updates and patches as soon as they become available is the easiest way to avoid being caught in a cyber attack that exploits a recently discovered zero-day flaw.
To manually check for updates, click the three-dot menu, open Settings, and then select About Chrome. Google also notifies you with a color-coded alert system when new updates and patches become available. In this case, a balloon appears next to your Chrome profile picture: updates that are 2 days old turn green, updates that are 4 days old turn orange, and updates that are over a week old turn red.
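For anyone checking several machines rather than one browser, the following added example (not code from the article, BleepingComputer or Google) compares reported Chrome version strings against the patched builds named above. The inventory rows, hostnames and function names are constructed for illustration.

```python
import re

# Minimum patched build per platform for CVE-2023-6345, as given in the article.
PATCHED = {
    "windows": (119, 0, 6045, 199),
    "mac": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from '119.0.6045.199' or 'Google Chrome 119.0.6045.199'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"unrecognised Chrome version: {text!r}")
    return tuple(int(part) for part in match.groups())


def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    minimum = PATCHED.get(platform.lower())
    if minimum is None:
        return "unknown"
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unknown"
    # Tuples compare numerically, component by component, so build .99 sorts
    # below .199; comparing the raw strings would get that case wrong.
    return "patched" if installed >= minimum else "vulnerable"


def audit(rows):
    """rows: (host, platform, version_text) tuples; returns the installs needing action."""
    findings = []
    for host, platform, version_text in rows:
        state = status(platform, version_text)
        if state != "patched":
            findings.append((host, platform, version_text, state))
    return findings


# Constructed sample inventory (hostnames and version mix are made up).
SAMPLE = [
    ("ws-01", "windows", "119.0.6045.200"),
    ("ws-02", "windows", "119.0.6045.160"),
    ("mb-01", "mac", "Google Chrome 119.0.6045.199"),
    ("lx-01", "linux", "119.0.6045.99"),
    ("lx-02", "linux", "120.0.6099.62"),
    ("ws-03", "windows", "n/a"),
]

if __name__ == "__main__":
    for host, platform, version, state in audit(SAMPLE):
        print(f"{host}\t{platform}\t{version}\t{state}")
```

Installs reported as "unknown" could not be parsed and should be checked by hand rather than assumed safe.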
In addition to keeping your browser up-to-date, you should use the best antivirus software on your Windows PC, the best Mac antivirus software on your Apple computer, and the best Android antivirus app on your Android smartphone. That way, you can be sure to protect yourself from malware and other viruses.
Zero-day flaws in common software are more common than you think, but in this case, as long as you keep your browser up to date, you should be fine. When a new update appears, don't put it off; take the time to install it. Fortunately, Chrome updates quickly and reopens all current tabs after a restart, so you can resume right where you left off.