A critical security vulnerability has been discovered in Google Chrome, the most popular web browser in the world. The vulnerability, tracked as CVE-2023-6345, is a zero-day that is being actively exploited by hackers to execute arbitrary code on the target system. If you use Chrome as your web browser, you should update it as soon as possible to protect your data and devices from potential attacks.
What is CVE-2023-6345 and How Does it Work?
CVE-2023-6345 is a zero-day vulnerability that affects all versions of Chrome on Windows, Mac, and Linux. A zero-day vulnerability is a security flaw that is unknown to the software vendor and the public, and therefore has no patch or fix available. Hackers can exploit these vulnerabilities to launch attacks before the software vendor can release a security update.
CVE-2023-6345 is an integer overflow bug in Skia, an open source 2D graphics library that is used by Chrome to render web pages. An integer overflow occurs when an arithmetic operation produces a result that is too large to fit in the integer type that stores it, so the stored value typically wraps around to an incorrect, much smaller number. This can cause unexpected behavior or errors in the program.
The exploit works by creating a malicious web page that contains a specially crafted VP8 video file. VP8 is a video compression format that is widely used on the web, especially for streaming videos on platforms like YouTube. When the user visits the malicious web page using Chrome, the browser will try to render the VP8 video file using Skia. However, due to the integer overflow bug, the video file will trigger a heap-based buffer overflow in Skia, which is a type of memory corruption error that can allow an attacker to overwrite the memory space of the program and execute arbitrary code on the target system. The attacker can then take control of the system and perform malicious actions, such as stealing or deleting data, installing malware, or accessing other devices on the network.
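The step from integer overflow to heap-based buffer overflow described above, as a generic C illustration added here. It is not Skia or Chrome code, and the function names, the 256 MiB cap and the image dimensions are assumptions made for the example. An unchecked 32-bit size calculation wraps to a small value, while the checked version rejects the same input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for one image buffer (hypothetical value). */
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Vulnerable pattern: the product is computed in 32 bits and wraps
 * modulo 2^32, so a huge image can yield a tiny allocation size. */
static uint32_t pixel_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Hardened pattern: widen before multiplying, then enforce a cap. */
static bool pixel_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || bpp > 16)
        return false;
    uint64_t pixels = (uint64_t)w * h;      /* two 32-bit values fit in 64 bits */
    if (pixels > MAX_IMAGE_BYTES / bpp)     /* division avoids a second overflow */
        return false;
    *out = (size_t)(pixels * bpp);
    return true;
}

int main(void)
{
    uint32_t w = 0x10000, h = 0x10001, bpp = 4;  /* constructed dimensions */
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)pixel_bytes_unchecked(w, h, bpp));
    printf("real size:      %llu bytes\n", (unsigned long long)w * h * bpp);
    printf("checked:        %s\n",
           pixel_bytes_checked(w, h, bpp, &n) ? "accepted" : "rejected");
    return 0;
}
```

A program that allocates the unchecked size and then writes the real number of bytes runs past the end of the heap buffer; the checked version refuses the input before anything is allocated.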
The severity of the issue is high, as the exploit can be triggered without any user interaction and can affect millions of Chrome users. Google has confirmed that the exploit is being used in the wild by a commercial surveillance vendor but did not provide any details about the nature or scope of the attacks.
How to Update Chrome and Why You Should Do It Now
Google has released a security update for Chrome to fix the CVE-2023-6345 vulnerability. The update is available for download now and has the version number 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows. To update your browser, follow these steps:
- On your computer, open Chrome.
- At the top right, click the three dots icon and then click Settings.
- On the left, click About Chrome.
- Chrome will check for updates and install them automatically if available.
- You may need to restart your browser to apply the update.
It is important to update your browser as soon as possible, because the browser is one of the most common ways that hackers can exploit your system. By updating Chrome, you can prevent hackers from using the CVE-2023-6345 exploit to compromise your data and devices.
Previous Zero-Day Exploits in Chrome and Their Consequences
This is not the first time that Chrome has been affected by a zero-day exploit. In fact, this is the second zero-day vulnerability that Google has patched in Chrome in less than a month. The previous one, CVE-2023-4863, was a buffer overflow in the libwebp image codec library, which could also allow remote code execution by viewing a malicious WEBP image file.
The consequences of not updating Chrome can be severe, as hackers can use these zero-day exploits to launch targeted attacks against specific individuals or organizations or to conduct mass campaigns that affect millions of users. For example, in 2021, a group of hackers known as DarkHotel used a zero-day exploit in Chrome to spy on government officials, journalists, and activists in North Korea, Japan, China, and the US.
By updating Chrome, you can reduce the risk of falling victim to these attacks and improve your security and privacy on the web. Chrome is one of the most popular browsers in the world, with over 2 billion users, so it is also a prime target for hackers. Therefore, you should always update your browser as soon as possible when a new version is available.