Chrome Exploits Patched To Secure Your Browsing
Google has swiftly patched seven vulnerabilities in its Chrome browser, one of which is an actively exploited zero-day. This critical flaw, identified as CVE-2023-6345, is an integer overflow bug in Skia, an open-source 2D graphics library. The latest Chrome update addresses these security vulnerabilities.
Google Chrome Security Updates
Discovered and reported by Benoît Sevens and Clément Lecigne from Google’s Threat Analysis Group on November 24, 2023, CVE-2023-6345 has gained notoriety for being actively exploited in the wild. An integer overflow vulnerability in Skia, this flaw poses a substantial risk to Chrome users.
The Silent Culprit: CVE-2023-2136 Resurfaces
Notably, this isn’t the first time an integer overflow in Skia has been exploited. In April 2023, Google fixed a similar issue (CVE-2023-2136) that had also been exploited as a zero-day. There’s a concerning possibility that CVE-2023-6345 may serve as a patch bypass for its predecessor.
CVE-2023-2136 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a carefully crafted HTML page. The recurrence of this vulnerability emphasizes the evolving nature of cyber threats.
Chrome Exploits Patched
The latest Chrome security patches and updates mark Google’s proactive approach in addressing seven zero-day vulnerabilities since the beginning of the year. Each flaw is assigned a Common Vulnerability Scoring System (CVSS) score, highlighting its severity.
The vulnerabilities include:
- CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4762 (CVSS score: 8.8) – Type confusion in V8
- CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
- CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in vp8 encoding in libvpx
Chrome Exploits Patched: Actions Required
To mitigate potential threats, users are strongly urged to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux. The same advice extends to users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, who should promptly apply fixes as they become available.
The Persistent Threat Landscape in 2023
This year has seen a surge in critical vulnerabilities and zero-day exploits across various browsers, not limited to Chrome. Firefox, Apple, Microsoft, and Google have all faced their share of security challenges. Both Apple and Google have sounded alarms regarding the use of zero-days by surveillance product vendors to install spyware on diverse device platforms.
Shared Vulnerabilities in Chromium-Based Browsers
Compounding the issue is the prevalence of browsers built on Chromium, which can make a single exploit effective across multiple browsers. With several popular browsers adopting the Chromium foundation, a vulnerability in one could potentially impact numerous others. Therefore, browser security best practices are required to stay safe.
The Imperative of Timely Updates
Given the evolving threat landscape, timely updates have become paramount. Users are strongly advised to stay abreast of the latest developments and promptly apply patches to minimize the risk of falling victim to cyber threats.
Conclusion
As the digital landscape becomes increasingly sophisticated, the importance of robust cybersecurity measures cannot be overstated. Google’s swift response to patch vulnerabilities in Chrome serves as a reminder that user safety is a top priority in the ever-changing realm of cybersecurity for internet browsing.
Stay protected, stay informed, and ensure your browsing experience remains secure.
The sources for this piece include articles in The Hacker News and Vulnera.