Active Exploitation of Zero-Day Vulnerability in Google Chrome and Chromium-based Browsers

Published on 29 Nov 2023 | Updated on 30 Nov 2023

30 Nov 2023 Update

The vulnerability affects other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi.

Microsoft has released security updates to address this vulnerability in Edge.

Users of other Chromium-based browsers are advised to install updates as and when they become available.

*****

Google has released security updates addressing a zero-day vulnerability (CVE-2023-6345) in Google Chrome. The vulnerability is reportedly being actively exploited.

The vulnerability exists due to an integer overflow weakness within the Skia open-source 2D graphics library. Successful exploitation of the vulnerability could allow a remote attacker to crash the browser or execute arbitrary code.

Users of Google Chrome are advised to upgrade their browser to the latest version immediately.

Users are also encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.

More information is available here:
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2023/
https://nvd.nist.gov/vuln/detail/CVE-2023-6345
https://stackdiary.com/integer-overflow-in-skia-chrome-releases-0-day-advisory/