Make sure your Google Chrome browser is updated as soon as possible to avoid potential malicious attacks by remote hackers. On November 24, Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group discovered an integer overflow bug (called CVE-2023-6345) in Skia, the graphics engine for Google Chrome and ChromeOS (via Android Central).
According to the National Vulnerability Database, this integer overflow bug "allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file." In simple terms, this bug could allow hackers to execute a virus on your laptop via Chrome or access your sensitive in-browser data.
The bug has a Chromium security severity of high, and in Google's recent release notes, the company notes that it's "aware that an exploit of CVE-2023-6345 exists in the wild." Automatic updates will roll out to Mac, Linux, and Windows users "over the coming days/weeks," but many people are able to update to the new browser version now.
Here's how to check your Chrome browser's version number, as well as how to manually check for updates if you don't have the most recent update yet.
How to update your Google Chrome Browser
If you don't have Google Chrome set to automatically update, you'll need to manually check for updates to get the patch for this integer overflow bug. For Mac and Linux users, the stable channel will be updated to 119.0.6045.199, and for Windows users, it'll be updated to 119.0.6045.199/.200.
To see your Chrome browser's current version number, click on the three vertical dots in the top right corner of your open browser window. Select Settings from the dropdown menu, and then scroll all the way down to find About Chrome in the left-side menu.
Underneath the Google Chrome header, you'll see Version followed by a string of numbers. Compare the numbers you see to the ones above specific to your computer's operating system.
Above my current version number, there's a message that reads "Nearly up to date! Relaunch Chrome to finish updating." If you see this message, it means your browser has automatically been updated with the most recent patch, and you just need to restart the browser to complete the process. Any tabs you currently have open will reopen once your browser restarts.
If your version number isn't up to date, it's possible the patch might not have reached you yet. Once there's an update to install, it'll either be automatically installed if you have auto-updates enabled, or you'll see a button that reads Update Google Chrome.
This is Chrome's sixth zero-day vulnerability this year, but it looks like Google is acting quickly and rolling out a patch before any major harm can be done. Plus, a month ago, Google boosted its privacy game with a tool that can hide your IP address. It might not be as privacy-focused as FireFox or DuckDuckGo yet, but it's a step in the right direction.
