Overview
- Google has patched a high-severity zero-day vulnerability in Chrome and Chromium-based browsers that was being actively exploited, but an estimated 4 billion people may still be affected.
- The vulnerability, tracked as CVE-2023-6351, is an integer overflow issue in Skia, an open-source 2D graphics library used by these browsers.
- Google's Threat Analysis Group discovered the vulnerability on November 24, and it has since been patched along with a number of other security fixes.
- Despite the patch, it may take some time for the update to spread to all affected devices.
- Users are advised to keep their software updated at all times and to watch for fixes that may not yet have reached their machines.