Update Google Chrome now - another zero-day security flaw has been found


If you’re a Google Chrome user, make sure to check for the latest update, because Google just patched its sixth zero-day vulnerability of the year. 

The vulnerability, stemming from an integer overflow weakness in the Skia open-source 2D graphics library, is being actively abused in the wild, so don’t wait to update your browser.

The vulnerability was discovered late last week by two security researchers working with Google’s Threat Analysis Group (TAG). This department is usually tasked with finding zero-day vulnerabilities in endpoints and tracking state-sponsored threat actors, so it’s safe to assume that at least one of the groups exploiting this flaw was state-sponsored.


No further details

Google said it will not disclose more details about this vulnerability until the majority of browsers have been updated. The earliest secure version is 119.0.6045.199/.200 for Windows users and 119.0.6045.199 for Mac and Linux users.
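For administrators checking more than one machine, the following added example (not from Google or the original article) triages a software inventory against the fixed build named above. The inventory format, host names and sample versions are constructed for illustration; the comparison is numeric per component, because a plain string comparison would wrongly rank build `.99` above `.199`.

```python
# Added example: flag hosts whose Chrome build predates the fix for CVE-2023-6345.
# The inventory layout (host,platform,version) is an assumption, not a real export format.

FIXED_BUILD = "119.0.6045.199"  # earliest fixed build named in the article

# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY = """\
ws-001,windows,119.0.6045.200
ws-002,windows,119.0.6045.160
mac-01,mac,119.0.6045.199
lnx-07,linux,119.0.6045.99
lnx-08,linux,120.0.6000.1
ws-003,windows,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if the value is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_patched(version_text, floor=FIXED_BUILD):
    """True/False for a parseable version, None when the version cannot be read."""
    version = parse_version(version_text)
    if version is None:
        return None
    return version >= parse_version(floor)


def triage(inventory_text):
    """Sort hosts into patched / vulnerable / unknown buckets."""
    buckets = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        host, _platform, version = fields
        status = is_patched(version)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket should be treated as unpatched until their version is confirmed.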

While Google usually rolls out the patch slowly across different regions, when we checked for updates, it was already available (version 119.0.6045.200). "Google is aware that an exploit for CVE-2023-6345 exists in the wild," the company said.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," the company said.

Withholding details is standard practice for vulnerabilities that are being actively exploited, as sharing more could motivate other attackers to develop their own malware. 

Google has so far fixed six zero-day vulnerabilities this year, including two that were addressed in September - CVE-2023-5217 and CVE-2023-4863. These two were also being abused in the wild, Google said at the time. 

Chrome is one of the world’s most popular browsers, making it an attractive target for criminals.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
