Google has released a new emergency security update for Chrome to address a high severity zero-day vulnerability that’s currently being exploited by hackers.
As reported by BleepingComputer, the zero-day in question (tracked as CVE-2023-6345) has now been patched in Chrome version 119.0.6045.199/.200 for Windows and version 119.0.6045.199 for Mac and Linux.
In an advisory sent out alongside the emergency security update, the Chrome team explained that it also contains fixes for 6 other security flaws, all of which are high-severity vulnerabilities. With this latest security update for its browser, Google has now patched a total of six zero-day vulnerabilities this year alone that hackers managed to develop exploits for.
If you haven’t updated Chrome lately, you’re going to want to install this emergency security update as soon as possible since there is a chance — though relatively small — that the zero-day flaw it patches could be used by hackers in their attacks. Even then, you always want to keep your browser up to date as cybercriminals often target users that are running outdated software.
Exploited by hackers but details are scarce
As with other recent zero-day flaws, Google isn’t saying much about how hackers are currently exploiting this one in the wild. This is pretty standard though, and Apple does the exact same thing with iPhone and Mac zero-days.
The reasoning behind this is pretty simple. If Apple or Google in this case says too much about how hackers are using a zero-day in their attacks, other cybercriminals could follow suit and develop their own exploits. By keeping the details scarce for the time being, Google and other tech giants are giving their users more than enough time to download and install the latest security updates.
The most recent high-severity zero-day flaw in Chrome is an integer overflow bug in the open-source 2D graphics library Skia. Besides Chrome, Skia is also used in other products including ChromeOS on the best Chromebooks, Android and Flutter.
As this flaw was discovered by two security researchers from Google’s Threat Analysis Group (TAG), BleepingComputer believes that hackers could be exploiting it in spyware attacks. However, since these kinds of zero-day flaws are often used by state-sponsored hackers targeting high-profile individuals like journalists and politicians, most people likely won’t need to worry about falling victim to an attack.
Still, keeping your browser up to date is one of the most important and easiest ways to stay safe from hackers.
How to stay safe from attacks exploiting zero-day flaws
As I mentioned before, installing the latest security updates and patches as soon as they become available is the easiest way to ensure you won’t get caught up in a cyberattack that’s exploiting a recently discovered zero-day flaw.
Although you can manually check for updates by clicking on the three-dot menu, opening Settings and then going to About Chrome, Google also uses a color-coded warning system to let you know when new updates or patches are available. When this happens, you’ll see a bubble next to your profile picture in Chrome. The bubble turns green for a 2-day old update, orange for a 4-day old update and red when an update was released at least a week ago.
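If you look after more than one machine, the same check can be scripted. The following is an added example, not code from Google or the original article: it compares reported Chrome version strings against the patched builds named above, and the host names and inventory lines are constructed sample data. It assumes any build numerically at or above the stated one contains the fix.

```python
import re

# Patched builds for CVE-2023-6345 as stated in the article.
# Windows shipped as .199/.200, so .199 is the minimum there too.
PATCHED = {
    "windows": (119, 0, 6045, 199),
    "mac": (119, 0, 6045, 199),
    "linux": (119, 0, 6045, 199),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one machine."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # never assume a machine is safe on bad data
    # Compare as integer tuples: as plain strings, "119.0.6045.99"
    # sorts *after* "119.0.6045.199" and would be wrongly passed.
    return "patched" if version >= minimum else "vulnerable"


# Constructed inventory: (host, platform, text reported by the machine).
INVENTORY = [
    ("host-a", "windows", "Google Chrome 119.0.6045.200"),
    ("host-b", "linux", "Google Chrome 119.0.6045.159"),
    ("host-c", "mac", "Google Chrome 119.0.6045.99"),
    ("host-d", "linux", "Google Chrome 120.0.6099.62"),
    ("host-e", "windows", "version lookup failed"),
]


def report(inventory):
    """Map each host to its patch status."""
    return {host: assess(platform, text) for host, platform, text in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Machines reported as "unknown" deserve a manual look via About Chrome rather than being treated as up to date.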
Besides keeping your browser up to date, you should also be using the best antivirus software on your Windows PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your Android smartphone. This way, you can ensure you’re protected from malware and other viruses.
Zero-day flaws in popular software are more common than you think but in this case, if you keep your browser up to date, you should be fine. It’s just a matter of taking the time to install any new updates that appear instead of putting them off. Fortunately, Chrome updates quickly and reopens all of your current tabs after a restart, so you can pick up right where you left off.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.