Google has issued a critical security update for Chrome users on Mac, Linux, and Windows to address a zero-day vulnerability known as CVE-2024-6345. According to The Verge, this vulnerability, discovered by Google’s Threat Analysis Group on Nov. 24, presents a significant risk, potentially allowing hackers to access personal data and launch harmful code.
The weakness, labeled as CVE-2024-6345, involves an integer overflow in Skia, the open-source 2D graphics library used in Google Chrome’s graphics engine. Exploiting this vulnerability could enable attackers to evade the sandbox with a malicious file, leading to the risk of system infection and data theft. Google, similar to many tech companies, has chosen not to disclose specific details about the exploit to mitigate further risks.
Immediate action advised for Google Chrome users
Users who have automatic Chrome updates enabled may not need to take additional action. However, those who manually update Chrome should promptly install the latest version. The updated versions are 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows. This update is part of Google’s ongoing efforts to strengthen security and safeguard user data, with the fix being progressively rolled out over the coming days and weeks.
Google’s swift response to this zero-day vulnerability underscores the importance of regular software updates in defending against cyber threats. Users are reminded to keep their systems updated and remain vigilant against potential cyber attacks.
