This week, Google has released a Chrome emergency update and is once again asking you to update immediately to avoid a new zero-day exploit.
This newest exploit is the sixth zero-day exploit that Google has patched his year. The exploit is currently known as CVE-2023-6345, and it is patched in Google Chrome version 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows. The update is set to roll out automatically over the coming days, but you can check Chrome for an update to download it immediately.
To update immediately, click Settings > About Chrome and then check your version number. From there, you can see if Chrome’s emergency update is available or not, and if it is, you’ll be able to relaunch to install it.
This Google Chrome emergency update will also address a few other issues, according to Google’s official announcement. The main issue here, of course, is the zero-day exploit, which seems to be related to an integer overflow in Skia. The issue was reported by Google’s Threat Analysis Group members earlier this month.
Here are all the issues the latest Chrome emergency update resolves:
- CVE-2023-6348 – Type Confusion in Spellcheck
- CVE-2023-6347 – Use after free in Mojo.
- CVE-2023-6346 – Use after free in WebAudio.
- CVE-2023-6350 – Out of bounds memory access in libavif.
- CVE-2023-6351 – Use after free in libavif.
- CVE-2023-6345 – Integer overflow in Skia.
It’s also worth noting that Google doesn’t consider any of these issues “Critical.” Instead, the tech giant has listed them as “High” threat issues, so there isn’t any evidence that the zero-day exploit has been utilized at all by bad actors. Still, it’s best to go ahead and download the Chrome emergency update so that you don’t have to worry about it later on.