{"id":23486,"date":"2023-11-29T16:10:04","date_gmt":"2023-11-30T00:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/11\/29\/news-17216\/"},"modified":"2023-11-29T16:10:04","modified_gmt":"2023-11-30T00:10:04","slug":"news-17216","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/11\/29\/news-17216\/","title":{"rendered":"Update now! Chrome fixes actively exploited zero-day vulnerability"},"content":{"rendered":"\n

Google has released an update to Chrome<\/a> which includes seven security fixes including one for a vulnerability which is known to have already been exploited.<\/p>\n

If you\u2019re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible.<\/p>\n

The easiest way to update Chrome is to set it to update automatically, but you have to make sure to close your browser for the update to finish. You can also end up on an older, vulnerable version if something goes wrong\u2014such as an extension stopping you from updating the browser.<\/p>\n

So, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerabilities in this batch. My preferred method is to have Chrome open the page\u00a0chrome:\/\/settings\/help<\/em>\u00a0which you can also find by clicking\u00a0Settings > About Chrome<\/strong> (on Windows) or Google Chrome > About Google Chrome<\/strong> (on Mac).<\/p>\n

If there is an update available, Chrome will start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.<\/p>\n

\"Google<\/figure>\n

Google Chrome is up to date<\/em><\/p>\n

After the update, the version should be listed as 119.0.6045.199 for Mac and Linux, and 119.0.6045.199\/.200 for Windows, or later.<\/p>\n

The technical details<\/h2>\n

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE assigned to the actively expoited zero-day is:<\/p>\n

CVE-2023-6345<\/a>: Integer overflow in Skia. Google notes it is aware that an exploit for CVE-2023-6345 exists in the wild. This vulnerability could lead to a range of risks, from crashes to the execution of arbitrary code.<\/p>\n

Google never gives out a lot of information about vulnerabilities, for obvious reasons. Access to bug details and links may be kept restricted until a majority of users are updated with a fix, so that interested criminals remain none the wiser.<\/p>\n

The fact that the vulnerability is listed with a severity rating of High, indicates that the scope of the flaw is limited to the browser, but this could mean successful exploitation could provide the attacker with information about visited websites and so on.<\/p>\n

Skia is an open source 2D graphic library for drawing Text, Geometries, and Images. Skia works across a variety of hardware and software platforms. It serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and many other products.<\/p>\n

That\u2019s why users of other Chromium based browsers and software that uses Skia should keep their eyes open for similar updates.<\/p>\n

\n

We don\u2019t just report on threats\u2014we remove them<\/strong><\/p>\n

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Google’s released an update to Chrome which includes seven security fixes. Make sure you’re using the latest version! <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10699,30559,22783,1670,32,29747],"class_list":["post-23486","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-chrome","tag-cve-2023-6345","tag-exploits-and-vulnerabilities","tag-google","tag-news","tag-skia"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23486"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23486\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23486"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}