Update Chrome on your Mac to fix this exploit already in the wild

As we wait for iOS 17.2 to arrive and bring bug fixes and security updates to our Mac, Google has a critical update for the Chrome browser on the Mac to patch several security flaws, at least one of which exists in the wild.

According to Google’s Chrome Releases blog, the latest Stable channel update for the Mac desktop browser (119.0.6045.199) is rolling out to users and includes seven security fixes, all of which have been rated as “high” risk.

  • Spellcheck
      • Risk: High
      • Description: Type Confusion
      • CVE-2023-6348: Reported by Mark Brand of Google Project Zero
  • Mojo
      • Risk: High
      • Description: Use after free
      • CVE-2023-6347: Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute
  • WebAudio
      • Risk: High
      • Description: Use after free
      • CVE-2023-6346: Reported by Huang Xilin of Ant Group Light-Year Security Lab
  • Libavif
      • Risk: High
      • Description: Out of bounds memory access
      • CVE-2023-6350: Reported by Fudan University
  • Libavif
      • Risk: High
      • Description: Use after free
      • CVE-2023-6350: Reported by Fudan University
  • Skia
      • Risk: High
      • Description: Integer overflow
      • CVE-2023-6345: Reported by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group

Google says it is aware that an exploit for CVE-2023-6345 exists in the wild, meaning that an attacker has used the vulnerability to attack a computer. As Google explains, Chrome uses Skia for nearly all graphics operations, including text rendering, so the affected code is hard to avoid.

To update Chrome, head over to Settings in the Chrome menu, then About Chrome and check for a new update.
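To confirm from Terminal that a Mac is on the fixed build, the version check can be scripted. This is an added example, not code from Google or Macworld; it assumes Chrome is installed at the default /Applications path, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: check the installed Chrome build against the fixed
# Stable build for Mac named in the article.
PATCHED_VERSION="119.0.6045.199"

# version_ge A B: succeed if dotted version A >= B. Fields are compared
# as numbers, because a string compare would rank "99" above "199".
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read; a missing field counts as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# chrome_status VERSION: prints patched, outdated or unknown.
chrome_status() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_ge "$1" "$PATCHED_VERSION"; then
        echo patched
    else
        echo outdated
    fi
}

# Read the version from the app bundle on disk (macOS only).
# Assumption: default install location unless a path is passed in.
installed_chrome_version() {
    app=${1:-/Applications/Google Chrome.app}
    defaults read "$app/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

# Run as: sh check_chrome.sh --check
if [ "${1:-}" = "--check" ]; then
    v=$(installed_chrome_version) || v=
    echo "Chrome ${v:-not found}: $(chrome_status "$v")"
fi
```

The check reads the bundle on disk; a Chrome process that was started before the update keeps running the old code until it is relaunched.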

Source: Macworld