Google Chrome has been around for several years the most used web browser in the world, with a big difference compared to its competitors. I won’t go into the reasons why Google’s browser is so successful, or the eternal debate between whether its strengths and its weaknesses should weigh more, for this occasion I will stick to the numbers, and in this regard, the latest data from StatCounter for October 2023 reflects the share in the desktop market at 63.24%, followed (by a long way) by Apple Safari at 12.74% and Microsoft Edge at 10.80%. As for the metrics here, Google Chrome rises to 71.38%, while Edge and Safari swap positions with 9.04% and 7.25% respectively.

So when a security issue is identified that affects this browser, the alert level must be particularly high because looking at the data from Spain we are talking about a threat that appears in more than 7 out of 10 PC users who connect to the Internet, that means we are talking about millions of people in our country alone. If we extrapolate this data to the rest of the world, we can clearly see that the scale is monumental.

This is happening again with Google Chrome and the company has released an update containing at least seven security-related fixes, including the one that mitigates the vulnerability identified as CVE-2023-6345. Not much has been revealed about it because Google follows responsible communication practices, but we do know that it has its origins in Skia, an open source 2D graphics library, and what’s particularly worrying is that its exploits have already been exposed. in the wild.

For those unfamiliar with the terminology of the cybersecurity world, I clarify three particularly important terms below:

• CVE: Short for Common Vulnerabilities and Exposures, a standardized system for cataloging and identifying security issues. This system allows us to quickly identify the threat we are referring to, which can be more difficult if we refer to them by the names that are sometimes assigned to them.
• Responsible disclosure: a security policy consisting in initially revealing the existence of a vulnerability, but not its nature. In this way, users are encouraged to take the necessary precautions to protect themselves, but it is not explained what this means to prevent them from being misused by those who may have access to said information. After a reasonable period of time, which can be determined based on time, measures taken by responsible persons or the volume of already protected users, the nature of the vulnerability is fully disclosed.
• In the wild: a term very commonly used in the security sector to refer to the fact that third-party exploitation of a vulnerability has been detected, generally in a malicious way.
• Day zero: the vulnerability that was just discovered in the wild. While there may be exceptions, we can relate this concept to a security issue that is already being exploited but has just been identified and therefore does not yet have a solution to mitigate the threat. Depending on who you ask, “day zero” refers to the amount of time that has passed since the problem was discovered, or the time that the affected technology company could spend fixing it.

As you can deduce, Zero-day vulnerabilities are generally the most dangerous, because they are already in the hands of cybercriminals, but there is no protection against them initially. This is why technology companies must act quickly, and of course, once solutions are available, affected users must use them immediately to avoid putting themselves at risk.

So, if you are using Google Chrome on your computer, you should update your browser as soon as possible. These are the updated versions that therefore address the CVE-2023-6345 vulnerability, among others:

• Windows: 119.0.6045.199 /.200
• Linux and macOS: 119.0.6045.199

For check what version you have and install the update if necessary and is available, click the menu (three vertical dots to the right of the address/search bar) and in the menu that appears, go to Help and click About Google Chrome. This will open a new tab with information from your browser, in which you can see the current version and automatically activate the download of the update if necessary.

As mentioned, the extreme urgency of this update is due to the CVE-2023-6345 vulnerability, but Google has added fixes for other vulnerabilitiesare as follows:

• CVE-2023-6348
• CVE-2023-6347
• CVE-2023-6346
• CVE-2023-6350
• CVE-2023-6351

And a set of fixes that are not related to the vulnerabilities described, but improve browser security. So as you can see and if you are a Google Chrome user, you should check if you can already install the update and in that case do it immediately.