Google has released security updates for its Chrome browser to fix multiple vulnerabilities, including a zero-day exploit that is actively being used in attacks. The zero-day vulnerability, known as CVE-2023-6345, is an integer overflow bug in the Skia graphics library. This vulnerability was discovered and reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group. The exploit for CVE-2023-6345 is already being used in the wild, although specific details about the attacks and threat actors are not disclosed. It is worth noting that Google had previously patched a similar integer overflow flaw (CVE-2023-2136) in the same component in April 2023, which was also actively exploited as a zero-day. This raises the possibility that CVE-2023-6345 could be a patch bypass for CVE-2023-2136. With this latest update, Google has addressed a total of six zero-day vulnerabilities in Chrome this year.
- Google has released security updates for Chrome to fix multiple vulnerabilities, including a zero-day exploit (CVE-2023-6345) in the Skia graphics library.
- The zero-day exploit is actively being used in attacks.
- The exploit for CVE-2023-6345 exists in the wild, but specific details about the attacks and threat actors are not disclosed.
- Google had previously patched a similar vulnerability (CVE-2023-2136) in April 2023, which was also actively exploited as a zero-day.
- The latest update addresses a total of six zero-day vulnerabilities in Chrome this year.