French security researchers found high-severity Zero-day vulnerability in Chrome's Skia open-source 2D engine!

[D.Draker]

"...was reported on Friday, November 24, by Benoît Sevens and Clément Lecigne, two security researchers with Google's Threat Analysis Group (TAG)."

Source>By Sergiu Gatlan (who has covered cybersecurity, technology, and other news beats for more than a decade.)

https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-7th-zero-day-exploited-in-2023/

"Google is aware that an exploit for CVE-2023-6345 exists in the wild," the company said.

https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

[D.Draker]

Correction: Clément Lecigne is actually from Switzerland. What do you folks think, is this scary enough?  Skia is used for 2D rendering, not good at all.

[D.Draker]

As of now, seems like they finally started to roll out patches.

But what do they mean by "emergency patches"? Are those only temporary? Not full?

"Google releases emergency patches for eighth Chrome zero-day of 2023"

By Steve Zurier.

https://www.scmagazine.com/news/google-releases-emergency-patches-for-eighth-chrome-zero-day-of-2023

[Sampei.Nihira]

*****

Edited December 30, 2023 by Sampei.Nihira

[mina7601]

*****

Edited December 31, 2023 by mina7601

[Saxon]

On 12/25/2023 at 10:01 AM, Sampei.Nihira said:

*****

?

[D.Draker]

CVE-2023-6345 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-6345

[D.Draker]

On 12/25/2023 at 6:48 PM, mina7601 said:

Regarding the latest version of MBAE, I checked, it can be installed from Windows Vista as the minimum operating system, but KB4474419 (the Server 2008 x86 update for Vista x86, and the Server 2008 x64 update for Vista x64) is required to be installed first before MBAE installation.

My friend, you're lost. MBAE or Server 2008 updates for Vista x86 and Server 2008 x64 are not the topic subject here.

You better tell us how do you fight this new Skia danger? Please stay on-topic.

[mina7601]

*****

Edited December 31, 2023 by mina7601

[D.Draker]

6 hours ago, mina7601 said:

Uhhh, it was a reply to @Sampei.Nihira's question (which is deleted hours ago): he was asking about MBAE's minimum OS requirement, and I replied saying that it can be installed in Windows Vista as the minimum OS, as long as Server 2008's SHA-2 update (K4474419) is installed, that's all. Nothing more, nothing less.

Oh, I see, thanks for clarifying, don't let yourself be mislead by that user into topics derailing!  Yeah, I figured that the deleted post had no value. Tell me, did you already update to Chrome stable 120/121?

They say the Skia issue is fixed there. I don't, I feel it's slower.

[D.Draker]

On 12/25/2023 at 10:01 AM, Sampei.Nihira said:

*****

 

On 12/25/2023 at 6:48 PM, mina7601 said:

*****

 

On 12/31/2023 at 12:57 AM, mina7601 said:

*****

******