Google Releases Emergency Update for Chrome to Address Zero-day

Google released an emergency software update today to address a zero-day vulnerability that is being actively exploited.

The vulnerability is tracked as CVE-2023-6345, and it exists in the Skia 2D graphics library that Chrome uses. Upon successful exploitation, it can lead Chrome to crash, or allow the attacker to execute arbitrary code. Google says it is also aware of an exploit for the vulnerability in the wild.

Why you should care

A vulnerability that is actively exploited poses a huge threat to any individual and organization. As the security patch was released just today, it also means the majority of Chrome installations are vulnerable and susceptible to exploitation. The fact that Chrome has the most marketshare makes it highly probable that attackers are rushing to compromise as many Chrome installations as possible before people get their Chrome updated.

What you should do

If you are the IT and/or security administrator for your organization, you should be testing the patch and rolling it out to your users ASAP. If you are a consumer, update your Chrome ASAP.

References

• https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2023/