Chrome under hacker attack, Google recommends updating immediately

The vulnerability was discovered on November 24 by two security researchers working within Google’s Threat Analysis Group (TAG)

News from Google. An important security update is now available for some Chrome users on Mac, Linux and Windows, in order to fix a vulnerability that could make systems vulnerable to data theft and other cyber attacks. On Tuesday, Google confirmed in an update on the Chrome blog that it was “aware of the existence of a real-world exploit for CVE-2023-6345.” The vulnerability was discovered on November 24 by two security researchers working within Google’s Threat Analysis Group (TAG). Google hasn’t released many details about the CVE-2023-6345 exploit yet, but that’s to be expected. It’s unclear how long the vulnerability had been actively exploited before its discovery last week.

CVE-2023-6345 vulnerability could allow attackers to remotely access personal data and implement malicious code. What we do know is that CVE-2023-6345 affects Skia, the open-source 2D graphics library within the Chrome graphics engine. According to Chrome’s update notes, the exploit allowed at least one hacker to “potentially perform a sandbox exit via a malicious file.” Sandbox exits can be used to infect vulnerable systems with malicious code and steal sensitive user data.

If your Chrome browser is already set to update automatically, you may not need to take any action. For everyone else, it’s worth manually updating to the latest version (119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows) in Google Chrome settings to avoid leaving your system exposed. Google says the fix will be rolling out “in the next few days/weeks,” so it may not be immediately available to everyone at the moment.



Source-www.adnkronos.com