Google is rolling out a security patch for its Chrome web browser that fixes a security flaw that could allow a malicious user to run dangerous code on a user's computer. The update is available for Windows, macOS and Linux computers, and users should install the latest version to stay protected against the zero-day vulnerability – the sixth to be patched by Google this year. The company is expected to provide more information once the update is rolled out to multiple users.
Spotted by Android Central, the Google Chrome update 119.0.6045.199 for macOS and Linux was rolled out to users earlier this week, alongside version 119.0.6045.200 for Windows computers with a fix for a zero-day vulnerability in tow. These are errors that were previously unknown to the developers of the software, making them a target for malicious users.
With the latest Google Chrome update, the company has patched the security bug tracked by the National Institute of Standards and Technology (NIST) as CVE-2023-6345. While the company hasn't revealed much information about the vulnerability, the company does say in the release notes for the latest update that it is aware that “an exploit for CVE-2023-6345 exists in the wild.” Users must enable automatic updates for Chrome or manually update to the latest versions to get the latest fixes.
Meanwhile, the vulnerability's listing on the NIST website has been assigned a “High” severity level. The description states that it is related to the open source Skia library used in Google Chrome. An attacker can use a malicious file to compromise the renderer process and escape the sandbox – a system designed to separate the browser and the system, keeping the latter protected.
The company credits Benoît Sevens and Clément Lecigne of its Threat Analysis Group (TAG) for discovering the vulnerability, which was found on November 24 and quickly patched by the company. At this time, it is unclear whether other browsers and applications also based on Google's open-source Chromium browser project will also be affected by the flaw, or when they will receive updates with security patches.
For the latest tech news and reviews, follow DailyExpertNews X, Facebook, WhatsApp, Threads and Google News. Subscribe to our YouTube channel for the latest videos on gadgets and technology.
Nothing Phone 2 price in India gets permanent price cut; Now starts at Rs. 39,999
UN to train more than 22,000 staff on Blockchain, Web3: here's why