Update Chrome on your Mac to fix this exploit already in the wild

Macworld

As we wait for iOS 17.2 to arrive and bring bug fixes and security updates to our Mac, Google has a critical update for the Chrome browser on the Mac to patch several security flaws, at least one of which exists in the wild.

According to Google’s Chrome Releases blog, the latest Stable channel update for the Mac desktop browser (119.0.6045.199) is rolling out to users and includes seven security fixes, all of which have been rated as “high” risk.

Spellcheck

Risk: High 

Description: Type Confusion

CVE-2023-6348: Reported by Mark Brand of Google Project Zero

Mojo

Risk: High

Description: Use after free

CVE-2023-6347: Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute

WebAudio

Risk: High

Description: Use after free

CVE-2023-6346: Reported by Huang Xilin of Ant Group Light-Year Security Lab

Libavif

Risk: High

Description: Out of bounds memory access

CVE-2023-6350: Reported by Fudan University

Libavif

Risk: High

Description: Use after free

CVE-2023-6350: Reported by Fudan University

Skia

Risk: High

Description: Integer overflow

CVE-2023-6345: Reported by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group

Google says it is aware that an exploit for CVE-2023-6345 exists in the wild, meaning that an attacker has used the vulnerability to attack a computer. As Google explains, Chrome uses Skia for nearly all graphics operations, including text rendering, so it’s not so easy to avoid.

To update Chrome, head over to Settings in the Chrome menu, then About Chrome and check for a new update.

Mac