In a bid to bolster user security, Google Chrome has rolled out a crucial security update, addressing several vulnerabilities, including an emergency patch to counteract real-world attacks. This update, marked as version 120.0.6099.62 for Windows, Mac, and Linux in the Beta channel, delivers fixes for seven security issues, among which one vulnerability, CVE-2023-6345, has been actively exploited.
The exploited flaw, an integer overflow issue within Skia, an open-source 2D graphics library utilized by Chrome, has prompted Google's urgent response. This vulnerability allowed remote attackers to potentially execute a sandbox escape via a compromised renderer process, enabling the exploitation through a malicious file.
Google's Threat Analysis Group, represented by Benoît Sevens and Clément Lecigne, brought attention to this vulnerability, suggesting possible spyware-related implications. Details about the fix are relatively scarce at the moment, but the severity of the exploit underscores the critical nature of this update.
Additionally, six other vulnerabilities rated as having a high impact have been addressed in this update. Notably, CVE-2023-6348, a type-confusion bug in Spellcheck, and CVE-2023-6351, a use-after-free issue in libavif, are among the addressed vulnerabilities, emphasizing the comprehensive nature of this security patch.
Earlier in the same month, Google released fixes for 15 security issues, three of which were rated as high severity. These included vulnerabilities in Payments and USB, highlighting the continuous efforts by Google to fortify Chrome's security.
For optimal protection, users are strongly advised to update their Chrome browsers to version 120.0.6099.62. This latest update is a critical step in ensuring a more secure browsing experience, shielding users from potential cyber threats and vulnerabilities.
How to Update Chrome:
Keeping your Chrome browser up-to-date is crucial to ensure you have the latest security patches and features. Here's how to update it:
Automatic Updates (Recommended):
- Chrome usually updates itself automatically in the background when a new version is available. However, you can manually check for updates by following these steps:
For Windows and Mac:
- Click on the three-dot menu in the top-right corner.
- Go to "Help" and select "About Google Chrome."
- Chrome will automatically check for updates and install them if available.
- Use the package manager specific to your Linux distribution to update Chrome.
- After updating, restart your browser to ensure the changes take effect.
Enable Auto-Update (if not already enabled):
- To ensure automatic updates are enabled, go to Chrome settings, click on "Advanced," then select "Privacy and security." Under "Advanced," choose "Update Chrome" and ensure "Automatically" is selected.
As always, maintaining an updated browser version plays a pivotal role in enhancing cybersecurity measures. Stay vigilant and prioritize updating your Chrome browser promptly to benefit from these crucial security enhancements.