According to MacRumors, Google has released a critical security update for Chrome on macOS, Windows, and Linux to fix a zero-day vulnerability that is being actively exploited. In the Chrome update, Google said it is "aware that CVE-2023-6345 is in the wild."
Chrome browser has serious zero-day vulnerability
Discovered by security researchers at Google's Threat Analysis Group (TAG) last week, the new vulnerability is believed to be related to the open-source 2D graphics library Skia in Chrome's graphics engine. Google has not yet provided further details on how the CVE-2023-6345 vulnerability is being exploited, as it does not want to alert bad actors.
According to the macOS update 119.0.6045.199 notes, the exploit allows one or more attackers "to potentially perform a sandbox escape via a malicious file," which could theoretically lead to them executing arbitrary code and stealing data.
By default, Chrome updates itself automatically when a new version is available. However, users should also perform a manual update immediately to avoid the risk of zero-day exploits. In Chrome settings, click the About Chrome tab and click Update Google Chrome. If there is no option to update, you are already on the latest version.
This year, Google has fixed six zero-day vulnerabilities, including two that were also abused and addressed in September: CVE-2023-5217 and CVE-2023-4863.