Google has released an emergency security update for Chrome that addresses a zero-day vulnerability in versions of the browser for Windows, macOS and Linux platforms. All users are advised to install the update as soon as possible. Chrome Releases support service reported that the vulnerability had already been exploited by hackers, so the company did not delay the development of the patch.
As Bleeping Computer reports, the patch actually contains seven security fixes, but the most significant of them is CVE-2023-6345, which is related to an integer overflow issue in the Skia 2D graphics library used in Chrome, Chrome OS, Android, etc. Flutter and other software.
All Chrome users are recommended to update their browser immediately. For that:
- Open Chrome.
- In the browser menu, select “Help” → “About Google Chrome”;
- Click “Restart”;
- If the browser has already updated automatically, a restart is not necessary.
Without installing a security update, the browser remains vulnerable to hacker attacks, which can either cause it to crash or result in a cybercriminal executing arbitrary code on the victim’s computer. What’s particularly alarming is that this is the sixth zero-day vulnerability discovered in Google Chrome in 2023.