Time to update Chrome, another vulnerability is exploited in the wild

Martin Brinkmann
Nov 29, 2023

Google released an update for its Chrome web browser some hours ago that fixes several vulnerabilities. One of these, CVE-2023-6345, is exploited in the wild according to Google.

Chrome users may want to update the browser as soon as possible to protect it against potential attacks. Updates are applied automatically over time on most user systems, but it may take days or even weeks before they land on some devices.

Cautious users may want to speed up the process by selecting Menu > Help > About Google Chrome. The page that opens lists the current version and installs any new version that is available, provided that there is an Internet connection. A restart completes the update.

The browser should now list one of the following versions on the page:

  • Chrome for Mac and Linux: 119.0.6045.199
  • Chrome for Windows: 119.0.6045.199 or 119.0.6045.200
  • Chrome Extended Stable for Mac and Windows: 118.0.5993.159
  • Chrome for Android: 119.0.6045.193
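
For administrators checking more than one machine, the version list above can be turned into a small audit script. This is an added example, not part of the original article; the host names and the sample inventory are constructed, and the handling of milestones that the article does not list is an assumption noted in the code. It compares each version only against the fixed build of its own milestone, so that a patched Extended Stable 118 build is not flagged just because it is numerically lower than 119.0.6045.199.

```python
import re

# Fixed builds from the list above, keyed by (platform, milestone).
# Extended Stable (Mac and Windows only) stays on milestone 118.
PATCHED = {
    ("linux", 119): (119, 0, 6045, 199),
    ("mac", 119): (119, 0, 6045, 199),
    ("windows", 119): (119, 0, 6045, 199),
    ("android", 119): (119, 0, 6045, 193),
    ("mac", 118): (118, 0, 5993, 159),
    ("windows", 118): (118, 0, 5993, 159),
}
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    milestones = [m for (p, m) in PATCHED if p == platform]
    if version is None or not milestones:
        return "unknown"
    fixed = PATCHED.get((platform, version[0]))
    if fixed is not None:
        # Compare only within the same milestone branch.
        return "patched" if version >= fixed else "outdated"
    # Assumption: a milestone newer than any listed one already has the fix;
    # an older or unlisted one (e.g. 118 on Linux) does not.
    return "patched" if version[0] > max(milestones) else "outdated"


def needs_update(inventory):
    """Return hosts whose version is not confirmed patched."""
    return [host for host, platform, text in inventory
            if assess(platform, text) != "patched"]


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 119.0.6045.200"),
    ("ws-02", "windows", "Google Chrome 118.0.5993.159"),  # Extended Stable
    ("lx-01", "linux", "Google Chrome 119.0.6045.159"),
    ("mac-01", "mac", "Google Chrome 118.0.5993.117"),
    ("ph-01", "android", "119.0.6045.193"),
]

if __name__ == "__main__":
    print(needs_update(SAMPLE))
```
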

Chrome's 6th 0-day security issue in 2023

Google reveals that it patched seven security issues in the Chrome update. Of these, six are listed on the official release notes page on the Chrome Releases website.

Besides the vulnerability that is exploited in the wild, Google lists five additional security issues that it patched. Four of these have a high severity rating. Two issues, including the one that is exploited in the wild, have no severity rating at the time of writing.

The issue that is exploited in the wild exists in Skia. Skia is an open source 2D graphics library. Chrome uses it as its graphics engine, which makes it a major component of the web browser.

The five remaining issues are use-after-free, out-of-bounds memory access and type confusion vulnerabilities in a variety of components, including spellchecking, WebAudio and libavif, a library for encoding and decoding AVIF files.

Closing Words

Other Chromium-based web browsers are affected by the vulnerabilities as well. Expect updates for Microsoft Edge, Brave, Opera or Vivaldi in the coming hours and days.

Now You: do you use a Chromium-based browser?

Publisher: Ghacks Technology News

Comments

  1. tedium said on December 1, 2023 at 12:19 am

    In the real world, what matters, security-wise, is if your app is successfully attacked or not.

    If you are not attacked because your app has tight code, that’s a win.

    If you are not attacked because your app has a smaller market share and hackers are not interested in it, that’s still a win.

    Arguing about which app is hypothetically more secure might be interesting for academics and fanboys, but I work in the real world. The app that receives fewer successful attacks (which is not the same thing as the number of patches it gets for theoretical attacks) is the more secure app.

  2. John said on November 30, 2023 at 7:01 pm

    Well, the majority of people use some form of a Chromium-based browser. Not surprising that it's a target. I’ve tried other browsers but always end up back at Chrome. It's just a browser, which is what I want and apparently so do many others.

  3. Anonymous said on November 29, 2023 at 9:02 pm

    Security is not the same as Privacy…
    Look at all the security features Chromium has, sandboxing, isolation… you know, stuff that Firefox doesn’t even have until recently, like when they got GPU sandboxing.
    So you might be a Chromium hater, but you should understand:
    1. Chromium will obviously get targeted since it has 90% of marketshare.
    2. Gecko and Webkit might have a lot of vulnerabilities but since they don’t have as many users, they don’t get exploited or detected.
    3. Chromium has always fixed their vulnerabilities fast, and if forks are made properly, they won’t have a problem releasing them as soon as Chrome does.

    Show an example of Chromium being exploited for real, and a computer being hacked or something because of Chromium insecurities, you only know about these vulnerabilities because you are reading them, not because you know someone who got damaged by them.

    Every piece of software has vulnerabilities anyway, reason why they pay big cash if you find a real vulnerability.

    1. Anonymous said on November 30, 2023 at 12:16 pm

      Thanks for your post Google fanboy.

  4. Anonymous said on November 29, 2023 at 8:57 pm

    Brave got Chromium 119.0.6045.199, so unless you don’t update, then it is already patched.

    Also it got a nice “Added support for quoted scriptlet arguments.” for Stable users which means all Scriptlet Injections from uBlock lists will work in Brave, since they were randomly using the ‘nicer’ (because you didn’t have to escape commas) but incompatible Adguard style.

    Also some fixes. So it was pretty quick update to cover this vulnerability, if Brave can do it, all the rest, Vivaldi, Opera, Yandex, Edge and the trillion Chromium forks can do it as well.

    That’s one big part of choosing a Browser, you have to choose one that gives you also updates fast, not one that might be or look nice but then gives you security updates after days.

  5. Jody Thornton said on November 29, 2023 at 12:12 pm

    tin ass wrote … “what about the rest they haven’t found and patched”

    Like Firefox? I use Firefox, but I’m sure there are loads of undetected security holes there too, if not more.

  6. tin ass said on November 29, 2023 at 9:39 am

    only the sixth? what about the rest they haven’t found and patched

    anyone using chromium these days as the so called most secure browser are kidding themselves – it’s adobe flash levels of incompetence

    1. Iron Heart said on November 29, 2023 at 11:26 am

      Maybe it’s the most used browser and the only valuable target… when smaller browsers are not attacked, it does not automatically mean that their base code is more secure. That’s a fallacy, a downright idiotic thing to say. Last I checked the top method to de-anonymize Tor users is still the good ol’ Firefox exploit.

      The topic never gets old on gHacks, it’s the Mozilla shill’s favorite misinfo.
