Zero-day vulnerability in Google Chrome, statement issued by Google


Google has released an emergency security update to address a critical zero-day vulnerability in its Chrome web browser. The vulnerability, CVE-2023-6345, stems from an integer overflow weakness within the Skia open-source 2D graphics library.

But first, what is a zero-day vulnerability?

A zero-day vulnerability is a type of software vulnerability that is unknown to the software vendor. This means that there is no patch or fix available for it yet. Cyber attackers can exploit these vulnerabilities to gain unauthorized access to systems or data without the software vendor’s knowledge. Due to their unpredictability, zero-day vulnerabilities are the most dangerous type of vulnerability.

To explain in simpler terms, imagine your computer as a house and the software installed on it as the locks on the doors and windows. A zero-day vulnerability is like a hidden keyhole that no one knows about. This keyhole can be used by cyber attackers to break into your computer without anyone knowing.

Developers try to fix these keyholes (vulnerabilities) by installing security patches. However, if attackers find the keyhole before the developer can install the patch, they can easily exploit the vulnerability and gain unauthorized access to your computer or data.

The vulnerability could allow attackers to execute arbitrary code on affected systems, potentially taking control of devices or stealing personal information, as reported by BleepingComputer. Google has stated that access to the vulnerability’s details will remain restricted until most users have updated their browsers. This reduces the likelihood of threat actors developing exploits based on the newly released technical information. Meanwhile, Google Search Console was down yesterday, throwing Error 500 at users.

Google is aware that the vulnerability is actively exploited in attacks and recommends that all users update their Chrome browsers immediately.