The Chrome web browser is receiving a security patch for a vulnerability that might enable an attacker to execute harmful code on a user’s machine. The vulnerability was discovered by Google. Users should install the most recent version to stay protected against the zero-day vulnerability, which is the sixth issue that Google has patched this year.
The update is available for machines running Windows, macOS, and Linux. The company is expected to provide additional information once the update has been distributed to a number of people.
Google Chrome version 119.0.6045.199 for macOS and Linux began rolling out to users earlier this week, along with version 119.0.6045.200 for Windows machines, which included a fix for a zero-day vulnerability.
Android Central was the first to discover that this update was being sent to users. Because zero-day vulnerabilities are previously unknown to the authors of the software, they are a target for users with malicious intent.
The most recent upgrade of Google Chrome fixes the security flaw that was identified by the National Institute of Standards and Technology (NIST) as CVE-2023-6345. In its release notes for the most recent version, the company states that it is aware that “an exploit for CVE-2023-6345 exists in the wild.”
Beyond that, the company has not disclosed much information about the security vulnerabilities. Users are advised either to enable automatic updates for Chrome or to update manually to the most recent versions in order to receive the latest fixes.
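For administrators who track installed software, the following Python script is an added example (not from Google or the original article) that checks a software inventory against the fixed builds named above. The host names, inventory rows and function names are constructed for illustration, and the per-platform thresholds are the version numbers given in this article.

```python
# Added example: flag hosts whose Chrome build predates the fix for CVE-2023-6345.
# Thresholds are the fixed builds named in the article; inventory rows are constructed.
import re

FIXED = {
    "windows": (119, 0, 6045, 200),
    "macos": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from strings such as
    'Google Chrome 119.0.6045.199'; return None if none is present."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def status(os_name, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    fixed = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        # Unlisted platform or unparseable version: needs manual review.
        return "unknown"
    # Tuples compare element by element, so 119.0.6045.199 < 119.0.6045.200.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: (hostname, os, reported version string)
INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 119.0.6045.200"),
    ("ws-02", "Windows", "119.0.6045.199"),
    ("mac-01", "macOS", "Google Chrome 119.0.6045.199"),
    ("lin-01", "Linux", "Google Chrome 118.0.5993.117"),
    ("lin-02", "Linux", "Google Chrome 120.0.6099.62"),
    ("kiosk-01", "ChromeOS", "119.0.6045.192"),
    ("ws-03", "Windows", "not installed"),
]


def audit(inventory):
    """Map each hostname to its patch status."""
    return {host: status(os_name, ver) for host, os_name, ver in inventory}


if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:10} {result}")
```

Hosts reported as "unknown" are left for manual review rather than assumed safe, since the article notes that the status of other Chromium-based software is not yet known.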
Meanwhile, the entry for the vulnerability on the NIST website has been given a severity level of “High.” The description mentions that it is connected to Skia, an open-source library that is used by Google Chrome. A malicious file could be used by an adversary to compromise the renderer process and escape the sandbox. The sandbox is a mechanism that is meant to keep the system protected by separating it from the browser.
Benoit Sevens and Clément Lecigne, both members of the company’s Threat Analysis Group (TAG), are credited by the company with uncovering the vulnerability, which was discovered on November 24 and promptly patched. At this time, it is not known whether other browsers and programs that are also based on Google’s open-source Chromium browser project are similarly affected by the problem, nor is it known when these browsers and applications will receive updates that include security patches.