UPDATED 19:46 EST / NOVEMBER 29 2023

SECURITY

Google rolls out emergency update for Chrome after critical vulnerability found

Google LLC has released an emergency security update for its Chrome browser to close a vulnerability that, by Google's own account, already has an exploit circulating in the wild.

The vulnerability, tracked as CVE-2023-6345, is an integer overflow in Skia affecting Google Chrome prior to version 119.0.6045.199. It allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a malicious file. That wording matters for triage: on its own the bug gives an attacker no code execution, it is the second stage of a chain, used after a separate renderer exploit to break out of the sandbox that is supposed to contain it. Google rates it High severity. Skia is the open-source 2D graphics library that Chrome uses to rasterize web content.
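The details of CVE-2023-6345 are not public, so what follows is an added, generic illustration of the bug class rather than Skia's code or the actual flaw: a decoder that sizes a pixel buffer from untrusted width, height and bytes-per-pixel fields in 32-bit arithmetic, next to an overflow-checked version that refuses geometry it cannot represent. The struct, the 1 GiB allocation cap and the sample headers are all constructed for this example and are not from Chrome or Skia.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative only: a bitmap header as a decoder might read it from an
 * untrusted file. Constructed for this example; not Skia's types. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
} bitmap_info_t;

/* Hypothetical policy cap on one raster allocation (1 GiB). */
#define MAX_RASTER_BYTES (1ull << 30)

/* Vulnerable pattern: the byte count is computed in 32-bit arithmetic, so a
 * large width*height silently wraps modulo 2^32. A decoder that allocates
 * this many bytes and then writes one pixel per (x, y) overruns the heap. */
uint32_t raster_bytes_unchecked(const bitmap_info_t *info)
{
    return info->width * info->height * info->bytes_per_pixel;
}

/* Hardened pattern: widen before multiplying, reject zero dimensions, and
 * compare against the cap before the last multiplication so the product can
 * never exceed MAX_RASTER_BYTES. Returns 1 on success, 0 on rejection. */
int raster_bytes_checked(const bitmap_info_t *info, size_t *out)
{
    if (info->width == 0 || info->height == 0 || info->bytes_per_pixel == 0)
        return 0;
    /* Two uint32 values multiply without overflow in uint64: (2^32-1)^2 < 2^64. */
    uint64_t area = (uint64_t)info->width * (uint64_t)info->height;
    /* area * bpp <= MAX  <=>  area <= MAX / bpp; integer division rounds down,
     * which only makes the check stricter. */
    if (area > MAX_RASTER_BYTES / info->bytes_per_pixel)
        return 0;
    *out = (size_t)(area * info->bytes_per_pixel);   /* <= 2^30, fits any size_t */
    return 1;
}

/* Allocation path a hardened decoder would use: NULL on rejected geometry,
 * so the caller can never end up writing into an undersized buffer. */
unsigned char *raster_alloc(const bitmap_info_t *info)
{
    size_t n;
    if (!raster_bytes_checked(info, &n))
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed sample headers: one benign, two crafted to wrap. */
    const bitmap_info_t benign   = { 640, 480, 4 };
    const bitmap_info_t crafted  = { 0x10000u, 0x10000u, 4 };  /* 2^32 pixels * 4 wraps to 0 */
    const bitmap_info_t crafted2 = { 0x40000001u, 4, 1 };      /* 2^32 + 4 bytes wraps to 4 */
    const bitmap_info_t *headers[] = { &benign, &crafted, &crafted2 };

    for (size_t i = 0; i < sizeof headers / sizeof headers[0]; ++i) {
        size_t n = 0;
        int ok = raster_bytes_checked(headers[i], &n);
        printf("%" PRIu32 "x%" PRIu32 "x%" PRIu32 ": unchecked=%" PRIu32 " checked=%s\n",
               headers[i]->width, headers[i]->height, headers[i]->bytes_per_pixel,
               raster_bytes_unchecked(headers[i]), ok ? "ok" : "rejected");
        if (ok)
            printf("  allocate %zu bytes\n", n);
    }
    return 0;
}
```

The first crafted header is the instructive one: the unchecked size comes out as exactly 0, so `malloc(0)` succeeds and every subsequent pixel write is out of bounds. Skia's own defence for this pattern is its SkSafeMath helper, and Chromium code more generally uses base::CheckedNumeric; the checked function above does the same job by hand.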

The vulnerability was discovered and reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group, the team that tracks government-backed and commercial-surveillance exploitation. The same release fixes six high-severity vulnerabilities in all, CVE-2023-6345 among them; some of the others were reported through the Chrome Vulnerability Reward Program.

Users and organizations alike are urged to update to Chrome 119.0.6045.199 or later (119.0.6045.199/.200 on Windows), since every earlier build on Windows, Mac and Linux is affected. Chrome downloads updates in the background but applies them only when the browser is relaunched; chrome://settings/help shows the running version and triggers an update check. Users who have disabled automatic updates should update their installations manually.

“Organizations should focus on making sure their browser fleet is up-to-date and well-managed,” Lionel Litty, chief security architect at browser security company Menlo Security Inc., told SiliconANGLE. “Educate users and advise them to restart Chrome regularly so that they get updated. Audit what versions of Chrome you are seeing in your environment.”
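The audit Litty describes, and the update check the article urges, reduce to comparing each reported Chrome version against the fixed build. The following is an added example, not from the article, from Google or from any product mentioned here: it strictly parses a version string (or the banner that `google-chrome --version` prints on Linux), compares it against 119.0.6045.199, and walks a constructed sample inventory, counting unparsable rows separately so a silent endpoint is never mistaken for a patched one. The hostnames and banner strings in the inventory are made up for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A Chrome version is four dotted integers: MAJOR.MINOR.BUILD.PATCH. */
typedef struct { unsigned v[4]; } chrome_version_t;

/* First build containing the CVE-2023-6345 fix (from Google's advisory).
 * Windows shipped both 119.0.6045.199 and .200; .199 is the floor. */
static const chrome_version_t FIXED_6345 = { { 119, 0, 6045, 199 } };

/* Parse "119.0.6045.199" strictly: digits and dots only, exactly four
 * fields, nothing trailing. Returns 1 on success, 0 on malformed input. */
int parse_chrome_version(const char *s, chrome_version_t *out)
{
    for (const char *p = s; *p; ++p)
        if (!(isdigit((unsigned char)*p) || *p == '.'))
            return 0;                      /* rejects "119.0.6045.199-beta" etc. */
    int consumed = 0;
    if (sscanf(s, "%u.%u.%u.%u%n", &out->v[0], &out->v[1], &out->v[2], &out->v[3],
               &consumed) != 4)
        return 0;
    return s[consumed] == '\0';            /* rejects a fifth field */
}

/* Lexicographic comparison of the four fields: <0, 0, >0 like strcmp. */
int compare_chrome_version(const chrome_version_t *a, const chrome_version_t *b)
{
    for (int i = 0; i < 4; ++i)
        if (a->v[i] != b->v[i])
            return a->v[i] < b->v[i] ? -1 : 1;
    return 0;
}

/* 1 if the version string is at or above the fix, 0 if vulnerable,
 * -1 if it could not be parsed (treat as "unknown", never as "safe"). */
int chrome_patched_for_6345(const char *version)
{
    chrome_version_t v;
    if (!parse_chrome_version(version, &v))
        return -1;
    return compare_chrome_version(&v, &FIXED_6345) >= 0;
}

/* Pull the version out of the line printed by `google-chrome --version`,
 * e.g. "Google Chrome 119.0.6045.105 " (note the trailing space). Returns 1
 * and fills *out when some whitespace-delimited token parses, else 0. */
int version_from_banner(const char *line, chrome_version_t *out)
{
    char tok[64];
    const char *p = line;
    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == '\n')
            ++p;
        size_t n = strcspn(p, " \t\n");
        if (n == 0)
            break;
        if (n < sizeof tok) {
            memcpy(tok, p, n);
            tok[n] = '\0';
            if (parse_chrome_version(tok, out))
                return 1;
        }
        p += n;
    }
    return 0;
}

/* Constructed sample inventory, as an endpoint agent might report it. */
typedef struct { const char *host; const char *banner; } inventory_row_t;

static const inventory_row_t SAMPLE_INVENTORY[] = {
    { "ws-01", "Google Chrome 119.0.6045.105 " },   /* below the fix */
    { "ws-02", "Google Chrome 119.0.6045.199 " },   /* exactly the fix */
    { "ws-03", "Google Chrome 119.0.6045.200 " },   /* Windows build of the fix */
    { "ws-04", "Google Chrome 120.0.6099.62 " },    /* later major */
    { "ws-05", "Chromium 118.0.5993.117 snap" },    /* older major, different banner */
    { "ws-06", "" },                                /* agent returned nothing */
};

/* Prints one line per host and returns the vulnerable count; rows that do
 * not parse are counted in *unknown so they surface for follow-up. */
int audit_inventory(const inventory_row_t *rows, size_t n, int *unknown)
{
    int vulnerable = 0;
    *unknown = 0;
    for (size_t i = 0; i < n; ++i) {
        chrome_version_t v;
        if (!version_from_banner(rows[i].banner, &v)) {
            ++*unknown;
            printf("%-6s UNKNOWN    banner=\"%s\"\n", rows[i].host, rows[i].banner);
        } else if (compare_chrome_version(&v, &FIXED_6345) < 0) {
            ++vulnerable;
            printf("%-6s VULNERABLE %u.%u.%u.%u\n", rows[i].host, v.v[0], v.v[1], v.v[2], v.v[3]);
        } else {
            printf("%-6s patched    %u.%u.%u.%u\n", rows[i].host, v.v[0], v.v[1], v.v[2], v.v[3]);
        }
    }
    return vulnerable;
}

int main(void)
{
    int unknown = 0;
    int vulnerable = audit_inventory(SAMPLE_INVENTORY,
                                     sizeof SAMPLE_INVENTORY / sizeof SAMPLE_INVENTORY[0],
                                     &unknown);
    printf("%d vulnerable, %d unknown\n", vulnerable, unknown);
    return vulnerable || unknown;   /* non-zero exit so a cron job or CI step notices */
}
```

Two design points: the comparison is numeric per field, not a string compare, because "119.0.6045.199" sorts before "119.0.6045.99" as text; and an empty or unparsable banner is reported as unknown rather than skipped, since a host that cannot report its version is exactly the one that tends to be running something old.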

Saeed Abbasi, manager of vulnerability and threat research at cloud-based information technology, security and compliance solutions firm Qualys Inc., warns that “Chrome has become a prime target for attackers due to its widespread usage and integration into personal and professional spheres, providing access to a wealth of sensitive information.”

“Despite stringent security measures, the browser’s complex codebase can lead to vulnerabilities,” he said. “Additionally, the high commercial value of exploiting a widely used platform like Chrome attracts sophisticated attackers, including those backed by state sponsors. Organizations should prioritize regular updates and patch management to keep browsers up-to-date.”

Abbasi added that “employee training is essential to raise awareness about the dangers of outdated browsers” and suggested that “implementing network segmentation can restrict browser access to sensitive areas, reducing breach impacts.”

Image: DALL-E 3
