Critical Google Chrome Update

Google

October 19, 2023

Google issued a new critical security update for Chrome users across multiple platforms to patch an exploit titled CVE-2023-6345.

What’s a “CVE”?

CVE is an acronym for “common vulnerabilities and exposures”, and is a method for publicly sharing information regarding cybersecurity vulnerabilities and exposures.

Ok, so what specifically is CVE-2023-6345?

For those who want to get their “geek” on, feel free to read this section. If you don’t want to get your “geek” on, then you can skip the rest of this section and move on to the “What should I do?” section on the next page.

I’m all geek! What’s going on?

The only thing publicly known is that an integer overflow issue is impacting Skia, which is an open-source 2D graphics library, and part of the Chrome graphics engine. In the geekiest terms possible, it performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. How bad can that be, you ask? Well, it can actually lead to some pretty serious confidentiality, integrity and availability issues.

Why do we not know the full technical details?

Holding back full technical details is common in cases where hackers are already attempting to exploit a vulnerability. Google often will not reveal technical information until such time as the update has been installed on Chrome’s approximate 3.2 billion users. Yes, that’s about 40% of the total human population!

How did this vulnerability become known?

The bug was reported last Friday by researchers at Google TAG, who specialize in detecting vulnerabilities related to spyware and Advanced Persistent Threat (APT) activity. The current update fixes this, as well as a few other vulnerabilities. The only thing publicly known is that an integer overflow issue is impacting Skia, which is an open-source 2D graphics library, and part of the Chrome graphics engine. In the geekiest terms possible, it performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. How bad can that be, you ask? Well, it can actually lead to some pretty serious confidentiality, integrity and availability issues.

What should I do?

If you see on the top right of your Chrome browser that an update is needed, then please click on it to update Chrome immediately. After clicking the update button on the Chrome browser, Chrome will perform the update and relaunch all open tabs within a few seconds.

What should I do if I do not see the update pending on the top right of my Google Chrome browser?

If you do not yet see the update pending, then please do the following immediately.

Step 1 (See screenshots below)

Click on the three dots on the top right of
Go down to where you see “Help”.
Click on the sub-menu dropdown where it says “About Google Chrome”
The screenshot below shows you exactly what to click on and where you’ll find these items.

Step 2

Now you’ll be taken to a different page (as per the screenshot on the next page). If you see that your version number is 119.0.6045.200 (or later), then you’re already done!
If your browser needs updating, then Chrome will automatically download the update. When it has completed downloading (under a minute), click the “Relaunch” button immediately to the right.

Why does the above screenshot show version number 119.0.6045.160?

Good question! The screenshot above shows version 119.0.6045.160 because that was the version on that Chrome browser before the browser was updated. Your version number prior to performing the update may vary, and this is normal. After the update, it should look something like the screenshot below with version number 119.0.6045.200 or later.