If you are reading this on Google Chrome, update it now as you might be vulnerable to cyberattacks.
Google and Apple, on Thursday, announced a series of emergency updates to fix critical zero-day flaws on Chrome and iOS devices.
Google confirmed that "an exploit for CVE-2023-6345 exists in the wild," allowing one threat actor to "potentially perform a sandbox escape via a malicious file."
Sandbox escapes are used by hackers to attack vulnerable systems and devices to insert malware and steal sensitive user data. The flaw was first detected by Google's Threat Analysis Group in November.
The US National Institute of Standards and Technology rated the severity of the security issue as high.
The bug patches came in after Google announced the release of Chrome Beta 120 on iOS devices.
Also Read: Google Chrome Users Update ASAP! Latest Patch Fixes Actively Exploited Zero-Day Vulnerability
System Weakness in Apple iOS
Apple is set to release security updates for all iOS, macOS, and iPadOS devices after detecting two active vulnerabilities.
The flaw was found in the WebKit system, the engine that runs Safari and other Apple services.
One of the flaws, CVE-2023-42916, is an out-of-bounds error that allows hackers to access online data.
The second flaw, CVE-2023-42917, is a memory corruption flaw that can be used to insert malicious codes via WebKit apps.
Apple reports suggest that the attacks target older iOS with weaker security systems to protect it from cyberattacks.
How to Protect Your Devices from Zero-Day Exploits
Both Google and Apple advise users to immediately update their Chrome to receive the latest bug fixes.
Chrome is usually set to receive updates automatically. However, if this is not the case, it is recommended to update the app fast before any hacker uses the exploit on your devices.
Google reported that Mac, Linux, Windows, and Android devices using Chrome are vulnerable to attacks and must be updated to the latest version to avoid unwanted exposure.
The company said more fixes will roll out over the coming days/weeks."
The search giant is keeping silent for now on how the exploit works, per company standard operations, to prevent other hackers from abusing the vulnerability.
