Google Chrome Update Fixes High-Severity Zero-Day Vulnerability That Was Actively Exploited

The latest updates for Google Chrome fix a flaw that allows an attacker to use a malicious file to run dangerous code on a user's computer.

Written by David Delima, Edited by Siddharth Suvarna | Updated: 1 December 2023 15:22 IST

Google Chrome Update Fixes High-Severity Zero-Day Vulnerability That Was Actively Exploited

Photo Credit: Gadgets 360

Google Chrome users with automatic updates enabled should already be protected

Highlights

Google has updated its Chrome browser with important security patches
The updates are available for Windows, macOS and Linux
Google says it is aware of the Chrome flaw being actively exploited

Google is rolling out a security patch for its Chrome web browser that fixes a security flaw that could allow a malicious user to run dangerous code on a user's computer. The update is available for Windows, macOS, and Linux computers and users should install the latest version in order to remain protected from the zero-day vulnerability — the sixth one to be patched by Google this year. The company is expected to provide more information once the update has been rolled out to several users.

Spotted by Android Central, the update to Google Chrome 119.0.6045.199 for macOS and Linux began rolling out to users earlier this week, alongside version 119.0.6045.200 for Windows computers with a fix for a zero-day vulnerability in tow. These are flaws that were previously unknown to the developers of the software, making them a target for malicious users.

With the latest Google Chrome update, the company has patched the security bug tracked by the National Institute of Standards and Technology (NIST) as CVE-2023-6345. While the company hasn't revealed a great deal of information related to the security flaw, the firm says it knows that "an exploit for CVE-2023-6345 exists in the wild" in its release notes for the latest update. Users should enable automatic updates for Chrome or manually update to the latest versions in order to get the latest fixes.

Here's When Chrome's Manifest V3 Changes Will Cripple Your Ad Blocker

Meanwhile, the entry for the vulnerability on the NIST website has been assigned a "High" severity level. The description states that it is related to the open source Skia library that is used in Google Chrome. An attacker could use a malicious file to compromise the renderer process and escape the sandbox — a system designed to separate the browser and the system, to keep the latter protected.

The company credits Benoît Sevens and Clément Lecigne from its Threat Analysis Group (TAG) with discovering the vulnerability that was found on November 24 and swiftly patched by the company. At the moment, it is unclear whether other browsers and applications that are also based on Google's open-source Chromium browser project are also affected by the flaw, or when they will receive updates with security patches.

Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google Chrome, Chrome, Google, Chrome security, Google Chrome update

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More