Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability


Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild.

Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library.

Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw on November 24, 2023.

As is typically the case, the search giant acknowledged that “an exploit for CVE-2023-6345 exists in the wild,” but stopped short of sharing additional information surrounding the nature of attacks and the threat actors that may be weaponizing it in real-world attacks.

Read more…