Chrome Exploits Patched To Secure Your Browsing
In a bid to fortify the security of its Chrome browser, Google has swiftly addressed seven vulnerabilities, with one particularly menacing zero-day exploit. This critical flaw, identified as CVE-2023-6345, centers around an integer overflow bug within Skia, an open-source 2D graphics library. Users can breathe a sigh of relief with the latest Chrome update, as critical security vulnerabilities have been addressed and Chrome exploits patched for enhanced online safety.
Google Chrome Security Updates
Discovered and reported by Benoît Sevens and Clément Lecigne from Google’s Threat Analysis Group on November 24, 2023, CVE-2023-6345 has gained notoriety for being actively exploited in the wild. An integer overflow vulnerability in Skia, this flaw poses a substantial risk to Chrome users.
The Silent Culprit: CVE-2023-2136 Resurfaces
Notably, this isn’t the first time an integer overflow in Skia has been exploited. In April 2023, Google tackled a similar issue (CVE-2023-2136) that had also fallen victim to zero-day exploitation. There’s a concerning possibility that CVE-2023-6345 may serve as a patch bypass for its predecessor.
CVE-2023-2136 allowed a remote attacker, who compromised the renderer process, to potentially execute a sandbox escape through a carefully crafted HTML page. The recurrence of this vulnerability emphasizes the evolving nature of cyber threats.
Chrome Exploits Patched
The latest Chrome security patches and updates mark Google’s proactive approach in addressing seven zero-day vulnerabilities since the beginning of the year. Each flaw is assigned a Common Vulnerability Scoring System (CVSS) score, highlighting its severity.
The vulnerabilities include:
- CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4762 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
Chrome Exploits Patched: Actions Required
To mitigate potential threats, users are strongly urged to upgrade to Chrome…