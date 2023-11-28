CVE-2023-6345

"This high-severity zero-day vulnerability stems from an integer overflow weakness within the Skia open-source 2D graphics library, posing risks ranging from crashes to the execution of arbitrary code (Skia is also used as a graphics engine by other products like ChromeOS, Android, and Flutter).

"The bug was reported on Friday, November 24, by Benoît Sevens and Clément Lecigne, two security researchers with Google's Threat Analysis Group (TAG).

"Google TAG is known for uncovering zero-days, often exploited by state-sponsored hacking groups in spyware campaigns targeting high-profile individuals like journalists and opposition politicians."

https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2023/