Google has released a new emergency security update for Chrome to address a high-severity zero-day vulnerability that’s currently being exploited by hackers.
As reported by BleepingComputer, the zero-day in question (tracked as CVE-2023-6345) has now been patched in Chrome version 119.0.6045.199/.200 for Windows and version 119.0.6045.199 for Mac and Linux.
In an advisory sent out alongside the emergency security update, the Chrome team explained that it also contains fixes for 6 other security flaws, all of which are high-severity vulnerabilities. With this latest security update for its browser, Google has now patched a total of six zero-day vulnerabilities this year alone that hackers managed to develop exploits for.
If you haven’t updated Chrome lately, you’re going to want to install this emergency security update as soon as possible since there is a chance — though relatively small — that the zero-day flaw it patches could be used by hackers in their attacks. Even then, you always want to keep your browser up to date as cybercriminals often target users that are running outdated software.
Exploited by hackers but details are scarce
Like with other recent zero-day flaws, Google isn’t saying much as to how hackers are currently exploiting this one in the wild. This is pretty standard though and Apple does the exact same thing with iPhone and Mac zero-days.
The reasoning behind this is pretty simple. If Apple or Google in this case says too much about how hackers are using a zero-day in their attacks, other cybercriminals could follow suit and develop their own exploits. By keeping the details scarce for the time being, Google and other tech giants are giving their users more than enough time to download and install the latest security updates.
The most recent high-severity zero-day flaw in Chrome is an integer overflow bug in Skia, the open source 2D graphics library. Besides Chrome, Skia is also used in other products including ChromeOS on the best Chromebooks, Android and Flutter.
As this flaw was discovered by two security researchers from Google’s Threat Analysis Group (TAG), BleepingComputer believes that hackers could be exploiting it in spyware attacks. However, since these kinds of zero-day flaws are often used by state-sponsored hackers targeting high-profile individuals like journalists and politicians, most people likely won’t need to worry about falling victim to an attack.
Still though, keeping your browser up to date is one of the most important and easiest ways to stay safe from hackers.
How to stay safe from attacks exploiting zero-day flaws
Like I mentioned before, installing the latest security updates and patches as soon as they become available is the easiest way to ensure you won’t get caught up in a cyberattack that’s exploiting a recently discovered zero-day flaw.
Although you can manually check for updates by clicking on the three-dot menu, opening Settings and then going to About Chrome, Google also uses a color-coded warning system to let you know when new updates or patches are available. When this happens, you’ll see a bubble next to your profile picture in Chrome. The bubble turns green for a 2-day old update, orange for a 4-day old update and red when an update was released at least a week ago.
Besides keeping your browser up to date, you should also be using the best antivirus software on your Windows PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your Android smartphone. This way, you can ensure you’re protected from viruses and other malware.
Zero-day flaws in popular software are more common than you think but in this case, if you keep your browser up to date, you should be fine. It’s just a matter of taking the time to install any new updates that appear instead of putting them off. Fortunately, Chrome updates quickly and reopens all of your current tabs after a restart, so you can pick up right where you left off.