Android Central
Brady Snyder

Update Chrome ASAP to patch this zero-day security flaw

Google Chrome icon on a laptop screen.

What you need to know

  • Researchers from Google's Threat Analysis Group discovered a zero-day vulnerability in Google Chrome on Nov. 24.
  • Google issued an update today for Chrome on Mac, Linux, and Windows to patch the security vulnerability. 
  • Google says it is aware that the vulnerability was actively exploited.

On Tuesday, Google started the rollout of a Chrome security patch to fix its sixth zero-day vulnerability in the browser this year. The issue has a Chromium security severity of "high," according to the National Vulnerability Database, which is tracking the bug as CVE-2023-6345.

Although users should install the update as soon as possible, some might have to wait. Google said in the update's release notes that the fix could arrive in the coming days or weeks. However, Android Central was able to install the update on macOS immediately. 

The fix is being sent out to Google Chrome browsers on Windows, Linux, and macOS. Chrome users on macOS and Linux will get version 119.0.6045.199, while users on Windows will get either version 119.0.6045.199 or 119.0.6045.200.

In the release notes for the patch, Google said it "is aware that an exploit for CVE-2023-6345 exists in the wild." That means you should update your browser immediately to protect against attacks that exploit the flaw. The consequences of this security flaw can range from app crashes to arbitrary code execution.

Though we don't have many details about the vulnerability yet, we do know it is related to Google's Skia graphics library. Skia is open-source and is used in Chrome, among other Google apps and software, like ChromeOS. An integer overflow error within Skia in Chrome could allow a remote attacker to escape the browser sandbox using a malicious file, making the execution of arbitrary code possible.

Google, like all tech companies, will not release more information on the security flaw until the majority of Chrome users have installed the patch. Details may take longer to come out if the vulnerability affects third-party programs. This is because a detailed explanation of the flaw could make it easier for attackers to exploit it against Chrome users who haven't updated yet.

Researchers from Google's Threat Analysis Group found CVE-2023-6345 on Nov. 24. The patch was issued starting Tuesday (Nov. 28), although it's unclear how long the flaw may have been exploited before it was addressed. 

People who have automatic updates for Google Chrome enabled may not need to take any additional action. To check if you still need to manually apply the update, open your Google Chrome settings, click the About Chrome tab, and click Update Google Chrome. If you don't see the option to update, you're on the latest version. 
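For anyone checking more than one machine, the fixed versions listed above can be applied to a browser inventory export. This is an added example, not part of the original article; the host names, the `host,platform,version` layout and the function names are assumptions.

```python
# Fixed build as stated in the article. Windows received .199 or .200,
# so .199 is the lowest patched build on every desktop platform listed.
FIXED_BUILD = (119, 0, 6045, 199)
PLATFORMS = {"windows", "macos", "linux"}


def parse_version(text):
    """Return a 4-tuple of ints for 'MAJOR.MINOR.BUILD.PATCH', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one installation."""
    version = parse_version(version_text)
    if platform.strip().lower() not in PLATFORMS or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuples compare numerically field by field, so 119.0.6045.99 < 119.0.6045.199
    # (a plain string comparison would rank them the other way round).
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def triage(inventory_csv):
    """Map each host in 'host,platform,version' lines to its classification."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip lines that are not inventory records
        host, platform, version = fields
        results[host] = classify(platform, version)
    return results


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """
ws-01,Windows,119.0.6045.200
ws-02,Windows,119.0.6045.160
mac-01,macOS,119.0.6045.199
lin-01,Linux,119.0.6045.99
lin-02,Linux,120.0.6099.62
kiosk-01,Windows,119.0.6045
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```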
