Google Chrome, the near-ubiquitous web browser, was recently found to contain a high-severity zero-day vulnerability, CVE-2023-6345, which poses a significant threat to users worldwide.
Here’s what you need to know:
What is CVE-2023-6345?
CVE-2023-6345 is a severe security flaw in Google Chrome, categorized as an integer overflow bug in Skia, an open-source 2D graphics library. Discovered and reported by Google’s Threat Analysis Group on November 24, 2023, this vulnerability has raised concerns due to its potential impact on Chrome users.
Does it affect me?
If you use Google Chrome or any Chromium-based browser such as Microsoft Edge, Brave, Opera, or Vivaldi, this vulnerability could affect you. The nature of the bug allows for potential exploitation (instances of which we have already seen), which could compromise your browser’s security and integrity.
Has CVE-2023-6345 been actively exploited in the wild?
Yes, CVE-2023-6345 is not just a theoretical threat; it has been actively exploited in the wild. Although Google has not provided extensive details about the nature of these attacks or the threat actors involved, the acknowledgment of its exploitation increases the urgency for users to protect themselves.
Fixing CVE-2023-6345
To mitigate the threat posed by CVE-2023-6345, Google has released security updates. Users are strongly advised to upgrade their Chrome browser to version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux. Similarly, updates for other Chromium-based browsers should be applied as soon as they become available.
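One way to check an inventory of installed Chrome versions against the fixed build named above, as an added example that is not part of the original article or any Google tooling. The host names and version strings are constructed, and the check covers Google Chrome only, because the article gives no fixed version numbers for other Chromium-based browsers.

```python
import re

# Minimum fixed build from the advisory above. Windows ships .199 or .200,
# macOS and Linux ship .199, so .199 is the floor on every platform.
PATCHED = (119, 0, 6045, 199)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text as a tuple of ints."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(version_text):
    """True if the version is at or above the fixed build."""
    # Compare integer tuples, not strings: as text, '119.0.6045.99' sorts
    # after '119.0.6045.199' and would be wrongly reported as patched.
    return parse_version(version_text) >= PATCHED


def audit(inventory):
    """Return (host, version_text, status) for each (host, version_text) pair."""
    rows = []
    for host, text in inventory:
        try:
            status = "patched" if is_patched(text) else "UPDATE REQUIRED"
        except ValueError:
            status = "unknown"  # version missing or unparseable: check by hand
        rows.append((host, text, status))
    return rows


# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-01", "Google Chrome 119.0.6045.200"),
    ("ws-02", "Google Chrome 119.0.6045.160"),
    ("mac-01", "Google Chrome 119.0.6045.99"),
    ("lnx-01", "Google Chrome 120.0.6099.62"),
    ("lnx-02", "version not reported"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:8} {:32} {}".format(*row))
```

Hosts reported as "unknown" should be treated as unpatched until their version is confirmed.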
Next steps
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: