Update Chrome ASAP! Critical security issue exploited in the wild

Created on November 12, 2023 at 10:37 am

Google released an emergency security update for its Chrome web browser that addresses a critical security issue that is exploited in the wild.

Chrome users are encouraged to update the stable version of the web browser to the new version immediately to protect the browser against potential attacks.

This is done easily on desktop systems: just load chrome://settings/help in the browser's address bar and wait for Chrome to find and download the security update. The page displays the installed version as well, which should be the following after the installation of the update:

Chrome on Linux or Mac systems: 116.0.5845.187

Chrome on Windows devices: 116.0.5845.187 or 116.0.5845.188

Chrome Extended Stable for Mac: 116.0.5845.187

Chrome Extended Stable for Windows: 116.0.5845.188

Google has not yet released the security update for Android Stable, only for Android Early Stable.
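For administrators who need to run the same version check across many machines, here is an added example (not part of the original article) that compares reported Chrome version strings against the fixed builds listed above. The host names and inventory rows are constructed, and treating any higher build number as patched is an assumption; platforms the article gives no fixed build for, such as Android, are reported as unknown.

```python
import re

# Fixed builds as listed in the article, keyed by (platform, channel).
FIXED = {
    ("linux", "stable"): "116.0.5845.187",
    ("mac", "stable"): "116.0.5845.187",
    ("windows", "stable"): "116.0.5845.187",
    ("mac", "extended"): "116.0.5845.187",
    ("windows", "extended"): "116.0.5845.188",
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, channel, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get((platform.lower(), channel.lower()))
    installed = parse_version(reported)
    if fixed is None or installed is None:
        return "unknown"
    # Compare numerically: as strings, "116.0.5845.96" would sort above ".187".
    # Assumption: any build at or above the listed one carries the fix.
    return "patched" if installed >= parse_version(fixed) else "vulnerable"


def audit(rows):
    """Map host -> status for rows of (host, platform, channel, reported)."""
    return {host: classify(p, c, v) for host, p, c, v in rows}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "windows", "stable", "Google Chrome 116.0.5845.188"),
    ("ws-02", "windows", "extended", "116.0.5845.187"),
    ("mac-01", "mac", "stable", "Google Chrome 116.0.5845.96"),
    ("lnx-01", "linux", "stable", "Google Chrome 117.0.0.1 "),
    ("lnx-02", "linux", "stable", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```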

The critical security issue

Google provides information on the critical security issue in Chrome on its official Chrome Releases blog. The issue, a heap buffer overflow vulnerability in WebP, was reported to Google by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto's Munk School on September 6, 2023.

WebP is an image format that "provides superior lossless and lossy compression for images on the web" according to Google. Google notes further that WebP images are on average 26% smaller in size compared to PNG images, and between 25% and 34% smaller than JPEG images.

WebP is a common image format on the Internet. While Google offers no additional details on the vulnerability, it does warn users that the issue is exploited in the wild already. It is possible that merely opening a website with specially crafted WebP images in Chrome is enough to exploit the issue, but that is speculation at this point.

The security issue, CVE-2023-4863, is the fourth 0-day vulnerability that Google patched in Google Chrome in 2023. The previously fixed 0-day security issues were:

Google Chrome users should update the web browser immediately to patch the issue and protect the web browser against exploits. It is unclear if other Chromium-based browsers are also affected by the issue, but it seems likely. Watch out for security update notifications for Microsoft Edge, Brave, Vivaldi or Opera, if these browsers are used.

Author: Martin Brinkmann

Publisher: Ghacks Technology News
