New Zero-Day Vulnerability in Google Chrome 119 Already Actively Exploited
Google has released a new security update for Chrome 119 for Windows, Linux, and Mac. The update includes fixes for 7 high-severity vulnerabilities. The main issue is with an integer overflow bug in Skia that is already being actively exploited in the wild. This could lead to arbitrary code execution or even crashes. We have added a new report to Lansweeper to help you locate vulnerable Chrome installations.
Google Chrome Vulnerability CVE-2023-6345
The new security update for Chrome 119 includes security fixes for 7 new vulnerabilities, all of which received a high severity rating. However, the main concern to look out for is an integer overflow vulnerability in the Skia open-source 2D graphics library, tracked as CVE-2023-6345. This vulnerability is already being exploited in the wild and can cause program crashes or lead to arbitrary code execution. This can in turn compromise sensitive data or disrupt operations. You can find more information on Chrome’s release page.
Update Vulnerable Chrome Installations
As always Google hasn’t released any additional bug details yet. This way they want to give users the chance to update first, so that malicious actors won’t be able to leverage the additional information for further attacks. In order to protect your network, make sure to update any installations of Google Chrome to the latest version, that is version 119.0.6045.199, as soon as possible.
Discover Vulnerable Chrome Installs
We have added a new vulnerability audit report to Lansweeper that will help you locate vulnerable installations of Google Chrome in your network. The report will give you an actionable list of installations that still need to be updated to the new version. You can get the report via the link below.