Google Chrome bolsters security with crucial updates addressing zero-day exploits
Google has recently taken a significant step in enhancing the security of its Chrome browser by releasing updates designed to address seven security issues, one of which is a zero-day vulnerability actively exploited in the wild.
Identified as CVE-2023-6345, this high-severity vulnerability is characterized as an integer overflow bug in Skia, an open-source 2D graphics library. The flaw was discovered and reported by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group (TAG) on November 24, 2023.
While Google acknowledged the existence of an exploit for CVE-2023-6345 in the wild, the company provided limited details about the nature of the attacks and the potential threat actors involved.
It’s noteworthy that this is not the first time Google has dealt with an integer overflow flaw in Skia. In April 2023, a similar vulnerability (CVE-2023-2136) was patched after being actively exploited as a zero-day. This raises the possibility that CVE-2023-6345 might serve as a patch bypass for its predecessor.
The earlier CVE-2023-2136 flaw permitted a remote attacker who compromised the renderer process to potentially execute a sandbox escape through a crafted HTML page.
With this latest update, Google has successfully addressed a total of six zero-day vulnerabilities in Chrome since the beginning of the year. These include:
- CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
To safeguard against potential threats, users are strongly advised to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux.
Additionally, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are urged to apply the fixes promptly as they become available.
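One way to check a fleet against the fixed build named above, as an added example that is not from Google or the original article. The inventory format, host names and status labels are assumptions, the sample rows are constructed, and because the article gives no fixed version numbers for other Chromium-based browsers, those rows are only flagged for a vendor-advisory check.

```python
# Added example: compare reported Chrome versions with the fixed build from the article.
FIXED_CHROME = (119, 0, 6045, 199)  # minimum fixed build on Windows, macOS and Linux
OTHER_CHROMIUM = {"edge", "brave", "opera", "vivaldi"}  # no fixed versions given on the page

# Constructed sample inventory (host,browser,version); not real data.
SAMPLE_INVENTORY = """\
ws-001,chrome,119.0.6045.199
ws-002,chrome,119.0.6045.159
ws-003,chrome,118.0.5993.117
ws-004,edge,119.0.2151.72
ws-005,chrome,120.0.6099.62
ws-006,chrome,not-installed
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part dotted version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(browser, version_text):
    """Return 'patched', 'needs-update', 'check-vendor' or 'unknown' (hypothetical labels)."""
    browser = browser.strip().lower()
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never treat an unparseable version as safe
    if browser == "chrome":
        # Tuple comparison is numeric per component, so 119.0.6045.200 > 119.0.6045.199.
        return "patched" if version >= FIXED_CHROME else "needs-update"
    if browser in OTHER_CHROMIUM:
        return "check-vendor"  # version numbering differs from Chrome's
    return "unknown"

def audit(inventory_csv):
    """Map each host in the CSV text to its status."""
    results = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, browser, version = line.split(",")
        results[host.strip()] = classify(browser, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```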
In conclusion, Google’s proactive approach to addressing these security vulnerabilities underscores its commitment to providing a secure browsing experience for users. Keeping browsers updated is crucial in mitigating potential risks and staying one step ahead of evolving cyber threats.