On Tuesday, Google began deploying a security update for the Chrome browser to address a zero-day vulnerability.
This is the sixth zero-day vulnerability in the popular web browser this year.
According to the National Vulnerability Database, this particular vulnerability is classified as "high" risk and is tracked under the identifier CVE-2023-6345.
Update Chrome Immediately
Users are advised to always install new software updates, whether for smartphones, browsers, or vehicles. However, this Chrome vulnerability on computers is especially critical.
Google has announced that the update will be rolled out over the coming days or weeks, with some users already able to update their browsers.
The update for Google Chrome on Windows, Linux, and macOS addresses this security flaw. Chrome users on macOS and Linux should update to version 119.0.6045.199, while Windows users should update to version 119.0.6045.199 or 119.0.6045.200.
Automatic Updates and Manual Checks
For those with automatic updates enabled for Google Chrome, no action might be necessary. To manually check for the update, users can go to Chrome's settings, click on "About Chrome," and then "Update Google Chrome."
If there's no option to update, the latest version is already installed.
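For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not from Google or the original article) classifies reported Chrome version strings against the fixed build 119.0.6045.199 named above. The host names, version strings and function names are constructed for illustration, and the same threshold is assumed for every platform.

```python
import re

# Fixed build named in the article (macOS/Linux, and the lower Windows build).
FIXED = (119, 0, 6045, 199)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 119.0.6045.159'. Returns a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def status(reported, fixed=FIXED):
    """Classify one reported version string."""
    version = parse_version(reported)
    if version is None:
        return "unknown"  # no usable version: needs manual follow-up
    # Tuples of ints compare numerically, part by part. Comparing the raw
    # strings would rank '119.0.6045.99' above '119.0.6045.199'.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Return (host -> status, sorted list of hosts that still need action)."""
    results = {host: status(ver) for host, ver in inventory.items()}
    todo = sorted(host for host, state in results.items() if state != "patched")
    return results, todo


# Constructed sample inventory (hypothetical hosts and version reports).
SAMPLE = {
    "mac-01": "Google Chrome 119.0.6045.199",
    "lin-02": "Google Chrome 119.0.6045.159",
    "win-03": "119.0.6045.200",
    "win-04": "Google Chrome 119.0.6045.99",
    "lin-05": "Chromium (version not reported)",
    "mac-06": "Google Chrome 120.0.6000.1",
}

if __name__ == "__main__":
    results, todo = audit(SAMPLE)
    for host in sorted(results):
        print(f"{host}: {results[host]}")
    print("needs action:", ", ".join(todo))
```

Hosts reported as "unknown" are listed for action alongside vulnerable ones, so a machine that fails to report a version is not silently treated as updated.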
Details of the Vulnerability
The exact details of the vulnerability have not been fully disclosed yet. It is known to involve Google's Skia graphics library, which is open-source and used in Chrome and in other Google products such as ChromeOS.
An integer overflow error in the Skia library in Chrome could allow attackers to escape the browser's "sandbox" environment using a malicious file, enabling attacks that run arbitrary code.
Google, like other tech companies, refrains from providing detailed information about security problems until most Chrome users have updated their browsers and are no longer vulnerable. This is to prevent hackers from exploiting the vulnerability against users who haven't updated yet.
Discovery and Response
Researchers from Google's Threat Analysis Group discovered the vulnerability on November 24. The update with a fix was ready by November 28, but it's unclear how long the security flaw existed before its discovery.