Google Chrome Update Fixes High-Severity Zero-Day Vulnerability That Was Actively Exploited

Google is rolling out a security patch for its Chrome web browser that fixes a security flaw that could allow a malicious user to run dangerous code on a user’s computer. The update is available for Windows, macOS, and Linux computers and users should install the latest version in order to remain protected from the zero-day vulnerability — the sixth one to be patched by Google this year. The company is expected to provide more information once the update has been rolled out to several users.

Spotted by Android Central, the update to Google Chrome 119.0.6045.199 for macOS and Linux began rolling out to users earlier this week, alongside version 119.0.6045.200 for Windows computers with a fix for a zero-day vulnerability in tow. These are flaws that were previously unknown to the developers of the software, making them a target for malicious users.

With the latest Google Chrome update, the company has patched the security bug tracked by the National Institute of Standards and Technology (NIST) as CVE-2023-6345. While the company hasn’t revealed a great deal of information related to the security flaw, the firm says it knows that “an exploit for CVE-2023-6345 exists in the wild” in its release notes for the latest update. Users should enable automatic updates for Chrome or manually update to the latest versions in order to get the latest fixes.

Meanwhile, the entry for the vulnerability on the NIST website has been assigned a “High” severity level. The description states that it is related to the open source Skia library that is used in Google Chrome. An attacker could use a malicious file to compromise the renderer process and escape the sandbox — a system designed to separate the browser and the system, to keep the latter protected.

The company credits Benoît Sevens and Clément Lecigne from its Threat Analysis Group (TAG) with discovering the vulnerability that was found on November 24 and swiftly patched by the company. At the moment, it is unclear whether other browsers and applications that are also based on Google’s open-source Chromium browser project are also affected by the flaw, or when they will receive updates with security patches.