Chrome and Chromium-based browser zero-day exploit that 'exists in the wild' has been patched but an estimated 4 billion people may still be affected

News
By published

An update has been released, but it may take weeks to spread to all the affected browsers.

Google Chrome
(Image credit: Anadolu Agency (Getty Images))

In the on-going cat and mouse game that is modern cybersecurity, even the really big names in the industry can sometimes be caught by surprise. Google's software security team, the very super-spy sounding "The Threat Analysis Group", announced a hidden exploit in Chrome and Chromium-based browsers on November 24, and Google has since patched it along with a number of other security fixes. 

It may take some time for the update to spread to all affected devices, so it might be worth keeping a closer eye on your browser updates over the next few days and weeks to make sure you're using the very latest version.

Google is understandably keeping the details of the exploit, which it's labelled CVE-2023-6351, under wraps for now, but it has noted that it's an integer overflow issue in Skia, which is an open source 2D graphics library that Chrome and Chromium-based browsers like Edge and Opera use to draw 2D images like buttons, text and menus. Integer overflow exploits can be used to crash your browser and gain access, so the severity rating of "high" seems more than appropriate here.

Zero-day vulnerabilities are nothing new of course, and all major software developers keep a close eye on potential exploits in order to patch them before any opportunistic parties can take advantage of them. However, Google's admission that this exploit exists "in the wild" is somewhat concerning, as it suggests that it was possibly being used for nefarious purposes already.

While companies devote huge amounts of time and resources to closing holes and squashing bugs and potential exploits before they happen, it's inevitable that a few are going to slip through the cracks. As always, the best recommendation is to keep your software updated at all times, and to pay attention to potential fixes that may have not yet reached your machine. 

This latest batch of vulnerabilities were fixed in the 119.0.6045.199 Chromium update, and Edge has also released a fix, so if you use Chrome or a Chromium-based browser it's worth checking your update history to make sure you're fully protected. Stay safe out there. 

Windows 11 reviewHow to install Windows 11Windows 11 TPM requirement


Windows 11 review: What we think of the latest OS.
How to install Windows 11: Guide to a secure install.
Windows 11 TPM requirement: Strict OS security.

Andy Edser
Andy Edser
Hardware Writer

Andy built his first gaming PC at the tender age of 12, when IDE cables were a thing and high resolution wasn't—and he hasn't stopped since. Now working as a hardware writer for PC Gamer, Andy's been jumping around the world attending product launches and trade shows, all the while reviewing every bit of PC hardware he can get his hands on. You name it, if it's interesting hardware he'll write words about it, with opinions and everything.

Read more
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
Netgear Nighthawk XR1000
Netgear says certain router owners should 'download the latest firmware as soon as possible' to patch a critical vulnerability
Microsoft Windows 11
If you installed Windows 11 with certain security updates and a USB stick, you may not get any more security updates warns Microsoft
Three Magikarp Pokémon
The FBI used self-destruct on malware infecting over 4,000 US computers, it's super effective
ANKARA, TURKIYE - SEPTEMBER 06: In this photo illustration, Chrome logo is being displayed on a mobile phone screen in front of computer screen in Ankara, Turkiye on September 06, 2023.
uBlock and a handful of other popular Google Chrome extensions have been axed overnight, but some of them just require turning off and on again
Latest in Browsers
Google campus sign
Google asks Trump's DOJ to please, please, please reconsider parting it from Chrome
ANKARA, TURKIYE - SEPTEMBER 06: In this photo illustration, Chrome logo is being displayed on a mobile phone screen in front of computer screen in Ankara, Turkiye on September 06, 2023.
uBlock and a handful of other popular Google Chrome extensions have been axed overnight, but some of them just require turning off and on again
Opera GX, Opera's gaming browser
Morbid curiosity made me swap from Chrome to Opera's 'gaming browser' but its early 2000s custom ringtone vibes give me the ick
The Opera Air 'mindfulness browser' on top of a blurred background
Opera has unveiled 'the world’s first browser with mindfulness at its core' and, to my surprise, I might be convinced
MOUNTAIN VIEW, CALIFORNIA - AUGUST 22: A view of Google Headquarters in Mountain View, California, United States on August 22, 2024.
Google being pushed to sell off Chrome is likely a good thing, but don't cheer on the decision just yet
Chrome Browser Logos
Google has changed its mind about dropping support for third-party cookies in Chrome, after years of trying to make it happen
Latest in News
A man examines the implant in his beefy arm
New Ark DLC gets AI-generated trailer so awful that the original developer's washing its hands of the whole thing, and fans are in uproar: 'This is disgusting and you should be ashamed'
A screenshot of Helldivers 2, depicting a Helldiver saluting while wearing an anthropomorphic facemask
The United Nations asked Helldivers 2 studio Arrowhead if it'd give a talk on psychological manipulation: ‘Could we brainwash an entire community to fight for a fascist state? … Would we be okay with that? Turns out, yeah’
A photo of a monitor displaying the output screen of Razer's AI QA Copilot system
It's not for PC gamers but Razer's new AI QA Copilot could ultimately benefit every PC gamer out there, and it's looking like it could be a killer app that AI needs right now
Kingdom Come Deliverance 2 barbers change hairstyle - Henry sitting on a horse wearing armour.
Kingdom Come: Deliverance 2 sold 5 times more than the original in its first month
A photo of a gaming laptop's screen, displaying the control panel for Razer's Sensa HD Haptics system
I honestly thought Razer's Sensa haptics stuff was just a gimmick until I tried it with a sim racing setup, and now I'm absolutely sold
Future Games Show Spring Showcase 2025 logo
Here's how to watch the Future Games Show 2025 Spring Showcase
More about browsers
Google campus sign

Google asks Trump's DOJ to please, please, please reconsider parting it from Chrome
ANKARA, TURKIYE - SEPTEMBER 06: In this photo illustration, Chrome logo is being displayed on a mobile phone screen in front of computer screen in Ankara, Turkiye on September 06, 2023.

uBlock and a handful of other popular Google Chrome extensions have been axed overnight, but some of them just require turning off and on again
A man examines the implant in his beefy arm

New Ark DLC gets AI-generated trailer so awful that the original developer's washing its hands of the whole thing, and fans are in uproar: 'This is disgusting and you should be ashamed'
See more latest
Most Popular
A man examines the implant in his beefy arm
New Ark DLC gets AI-generated trailer so awful that the original developer's washing its hands of the whole thing, and fans are in uproar: 'This is disgusting and you should be ashamed'
A screenshot of Helldivers 2, depicting a Helldiver saluting while wearing an anthropomorphic facemask
The United Nations asked Helldivers 2 studio Arrowhead if it'd give a talk on psychological manipulation: ‘Could we brainwash an entire community to fight for a fascist state? … Would we be okay with that? Turns out, yeah’
A photo of a monitor displaying the output screen of Razer's AI QA Copilot system
It's not for PC gamers but Razer's new AI QA Copilot could ultimately benefit every PC gamer out there, and it's looking like it could be a killer app that AI needs right now
A photo of a gaming laptop's screen, displaying the control panel for Razer's Sensa HD Haptics system
I honestly thought Razer's Sensa haptics stuff was just a gimmick until I tried it with a sim racing setup, and now I'm absolutely sold
Kingdom Come Deliverance 2 barbers change hairstyle - Henry sitting on a horse wearing armour.
Kingdom Come: Deliverance 2 sold 5 times more than the original in its first month
Future Games Show Spring Showcase 2025 logo
Here's how to watch the Future Games Show 2025 Spring Showcase
MSI RTX 5090 Suprim SOC graphics card on a grey background with a gradient
Nvidia has cut the MSRP of RTX 50-series FE cards in the UK and Europe and that means... not a whole lot right now
A young boy uses the Xbox Adaptive Joystick, mounted to a tabletop.
Microsoft's Adaptive Joystick is geared towards 'players with limited mobility' and is available now for just $30
Hollow Knight: Silksong — character art of Hornet, Silksong's protagonist, brandishing her weapon
Silksong's weary hollows tossed another scrap of hope from Xbox on high, as a blog post namedrops it next to other 'upcoming games'
United Videogame Workers - CWA logo
Game developers launch North America's first industry-wide union 'to build worker power irrespective of studio and current job status'