Chrome and Chromium-based browser zero-day exploit that 'exists in the wild' has been patched but an estimated 4 billion people may still be affected

News
By Andy Edser
published

An update has been released, but it may take weeks to spread to all the affected browsers.

Google Chrome
(Image credit: Anadolu Agency (Getty Images))

In the on-going cat and mouse game that is modern cybersecurity, even the really big names in the industry can sometimes be caught by surprise. Google's software security team, the very super-spy sounding "The Threat Analysis Group", announced a hidden exploit in Chrome and Chromium-based browsers on November 24, and Google has since patched it along with a number of other security fixes. 

It may take some time for the update to spread to all affected devices, so it might be worth keeping a closer eye on your browser updates over the next few days and weeks to make sure you're using the very latest version.

Google is understandably keeping the details of the exploit, which it's labelled CVE-2023-6351, under wraps for now, but it has noted that it's an integer overflow issue in Skia, which is an open source 2D graphics library that Chrome and Chromium-based browsers like Edge and Opera use to draw 2D images like buttons, text and menus. Integer overflow exploits can be used to crash your browser and gain access, so the severity rating of "high" seems more than appropriate here.

Zero-day vulnerabilities are nothing new of course, and all major software developers keep a close eye on potential exploits in order to patch them before any opportunistic parties can take advantage of them. However, Google's admission that this exploit exists "in the wild" is somewhat concerning, as it suggests that it was possibly being used for nefarious purposes already.

While companies devote huge amounts of time and resources to closing holes and squashing bugs and potential exploits before they happen, it's inevitable that a few are going to slip through the cracks. As always, the best recommendation is to keep your software updated at all times, and to pay attention to potential fixes that may have not yet reached your machine. 

This latest batch of vulnerabilities were fixed in the 119.0.6045.199 Chromium update, and Edge has also released a fix, so if you use Chrome or a Chromium-based browser it's worth checking your update history to make sure you're fully protected. Stay safe out there. 

Image


Windows 11 review: What we think of the latest OS.
How to install Windows 11: Guide to a secure install.
Windows 11 TPM requirement: Strict OS security.

Andy Edser
Andy Edser
Hardware Writer

Andy built his first gaming PC at the tender age of 12, when IDE cables were a thing and high resolution wasn't. After spending over 15 years in the production industry overseeing a variety of live and recorded projects, he started writing his own PC hardware blog for a year in the hope that people might send him things. Sometimes they did.

Now working as a hardware writer for PC Gamer, Andy can be found quietly muttering to himself and drawing diagrams with his hands in thin air. It's best to leave him to it.

See comments