"Google Patches Seventh Chrome Zero-Day of 2023"

Google recently announced a security update that addresses a zero-day vulnerability in the Chrome browser. The high-severity issue tracked as CVE-2023-6345 is described as an integer overflow bug in Skia, the open-source 2D graphics library that serves as the graphics engine in Chrome, Firefox, and other browsers. Google stated that it is aware that an exploit for CVE-2023-6345 exists in the wild. The latest Chrome update patches five other high-severity vulnerabilities, including three use-after-free issues in Mojo, WebAudio, and libavif, a type confusion bug in Spellcheck, and an out-of-bounds memory access flaw in libavif. Google noted that it has handed out $55,000 in bounty rewards to the reporting researchers, with the highest payout ($31,000) going to Leecraso and Guang Gong of 360 Vulnerability Research Institute for the vulnerability in Mojo (CVE-2023-6347). CVE-2023-6345 is the seventh Chrome zero-day addressed this year, after CVE-2023-5217, CVE-2023-4762, CVE-2023-4863, CVE-2023-3079, CVE-2023-2033, and CVE-2023-2136. The latest Chrome release is now rolling out to users as version 119.0.6045.199 for macOS and Linux and as versions 119.0.6045.199/.200 for Windows.

SecurityWeek reports: "Google Patches Seventh Chrome Zero-Day of 2023"

Submitted by Adam Ekwall on