
MacRumors

macrumors bot
Original poster
Apr 12, 2001


Google has issued a critical security update for Chrome on macOS, Windows, and Linux that fixes a zero-day vulnerability in the browser. On Tuesday, Google in a Chrome stable channel update said it "is aware that an exploit for CVE-2023-6345 exists in the wild."


Google has not provided further details about the CVE-2023-6345 exploit, which was discovered last week by security researchers in Google's Threat Analysis Group (TAG). However, it is believed to be related to Skia, the open-source 2D graphics library in the Chrome graphics engine.

According to the notes for the macOS update 119.0.6045.199, the exploit allowed at least one attacker to "potentially perform a sandbox escape via a malicious file," which could theoretically result in arbitrary code execution and data theft.

Users who have Chrome browser set up to automatically update should not need to do anything. Anyone else is advised to manually update immediately (version 119.0.6045.199 on macOS) to avoid the risk posed by the zero-day exploit. In Chrome settings, click the About Chrome tab, and click Update Google Chrome. If there is no option to update, you are already on the latest version.

(Via Android Central.)

Article Link: Latest Chrome Browser Update Fixes Critical Security Flaw
 
The side effect of this is anyone who doesn’t want to use the latest browser for one reason or another (unrelated to security) will now need to use the latest browser because of this security patch.
 
What about that thing that Chrome supposedly "shares" our browsing history with Google servers?
 
Better still, don't use Chrome at all.
Yet despite all the tales of Google’s thirst for consumer data, the constant drumbeat of privacy and security, Chrome has become the most popular browser on the internet worldwide... by far. So apparently all those privacy hand wringers don’t actually care. Google’s products and services are free for the most part and that apparently trumps any concerns about personal data being collected and sold to advertisers.
 
Yet despite all the tales of Google’s thirst for consumer data, the constant drumbeat of privacy and security, Chrome has become the most popular browser on the internet worldwide... by far. So apparently all those privacy hand wringers don’t actually care. Google’s products and services are free for the most part and that apparently trumps any concerns about personal data being collected and sold to advertisers.
Chrome's popularity happened way before awareness of Google's privacy issues became the norm.
 
Yet despite all the tales of Google’s thirst for consumer data, the constant drumbeat of privacy and security, Chrome has become the most popular browser on the internet worldwide... by far. So apparently all those privacy hand wringers don’t actually care. Google’s products and services are free for the most part and that apparently trumps any concerns about personal data being collected and sold to advertisers.
It confirms that the human species is hopeless. There is something fundamentally wrong with us.
 
Yet despite all the tales of Google’s thirst for consumer data, the constant drumbeat of privacy and security, Chrome has become the most popular browser on the internet worldwide... by far. So apparently all those privacy hand wringers don’t actually care. Google’s products and services are free for the most part and that apparently trumps any concerns about personal data being collected and sold to advertisers.
Privacy hand wringers are, by definition, people who do care. Probably, there are just not that many of us that care enough about privacy.
 
What about that thing that Chrome supposedly "shares" our browsing history with Google servers?
If we're lucky, Google stores all our browsing history on their own Google Drive account, in which case they could potentially lose a bunch of it at any time? 🤞
 
There's no better time like the present to switch to Firefox, Ungoogled Chromium, and/or Orion

Firefox: better extension support, open source, and it's possible to turn all the telemetry off.

Ungoogled Chromium: For those who still want a Chromium-based browser. Takes a little time to set up since it doesn't have the DRM software for streaming, nor the default extension store. This can be installed separately.

For those Webkit lovers out there use Orion - no telemetry included they say, and web extensions from Chrome and Firefox can be used. Firefox versions tend to work better.

Disable Firefox Telemetry

Ungoogled Chromium

Orion Browser
 
Isn’t this just another weekly update? Important yes! But is it news?
Well, if there’s an active exploit in the wild, that does make updating in a timely manner that much more important (and newsworthy).
 
There's no better time like the present to switch to Firefox, Ungoogled Chromium, and/or Orion

Firefox: better extension support, open source, and it's possible to turn all the telemetry off.

Ungoogled Chromium: For those who still want a Chromium-based browser. Takes a little time to set up since it doesn't have the DRM software for streaming, nor the default extension store. This can be installed separately.

For those Webkit lovers out there use Orion - no telemetry included they say, and web extensions from Chrome and Firefox can be used. Firefox versions tend to work better.

Disable Firefox Telemetry

Ungoogled Chromium

Orion Browser
Granted, using Ungoogled Chromium would still leave you vulnerable to this exploit without this update. And not all Chromium-based browsers issue updates as quickly as others. Maybe Ungoogled Chromium has great CI/CD and can issue new builds basically as soon as a new Chromium build is issued and can push it out to users automatically and seamlessly. But I kinda doubt it, alas. That’s reason enough to favor non-Chromium and to avoid browser monoculture, I reckon. The solution to the Google problem probably isn’t Chromium-based alternatives because of the potential security issues, but non-Google browsers that can have telemetry disabled (or only selectively enabled, i.e. crash logs and the like).
 
I'm just curious honestly. Do you really think Safari is any better security-wise?
 