Update Now: Google’s Seventh Zero-Day Flaw in Chrome Has Been Fixed

Get the scoop on the latest security updates released in November. Despite the holiday season, major software companies like Microsoft, Google, Atlassian, and Cisco are still hard at work patching up significant security flaws. Here’s a breakdown of what you need to know about the latest round of patches:

Google Chrome

Google wrapped up November by rolling out 7 security fixes for Chrome, including an emergency patch for a vulnerability that’s currently being exploited in real-world attacks. The known bug, tracked as CVE-2023-6345, is an integer overflow issue in Skia, an open source 2D graphics library. According to Google, the company is aware that an exploit for CVE-2023-6345 exists in the wild. Not much is known about the fix at this time, but the bug was reported by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group, suggesting that the exploit may be related to spyware.

Google also addressed 6 other high-impact flaws, including issues with Spellcheck and libavif. Earlier in the month, the tech giant released fixes for 15 security flaws in Chrome, with 3 of them rated as high severity. These included an inappropriate application issue in Payments, an inadequate data validation flaw in USB, and an integer overflow problem in USB.

Mozilla Firefox

Firefox, a rival to Chrome, also rolled out 10 vulnerability fixes, with 6 of them deemed as having a high impact. These included an out-of-bounds memory access flaw in WebGL2 blitFramebuffer, a use-after-free issue in MessagePort, and possible clickjacking of permission prompts using the full-screen transition.

Google Android

Google’s November Android Security Bulletin included details on fixes for 8 elevation of privilege bugs in the Framework, as well as 7 issues in the System, 6 of which were ranked as high severity. One was flagged as critical.
