Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Google patches another critical Chrome security fix

Silhouette of a hand holding a padlock infront of the google chrome logo

Google has released a patch to fix the second zero-day vulnerability found in its Chrome browser this year. 

Much like the previous threat, which was patched mere days ago, this one too is being exploited in the wild, the company confirmed in a security bulletin.

The vulnerability is tracked as CVE-2023-2136, and is described as a high-severity integer overflow bug found in Skia, Google’s open source multi-platform 2D graphics library. Chrome uses Skia to render graphics, text, images, animations, and similar BleepingComputer describes it as a “key component” of the browser’s rendering pipeline.

Allowing access

By abusing the flaw, a potential threat actor could force the browser to render pages incorrectly, suffer memory corruption, and allow for arbitrary code execution. It’s the latter that’s most problematic, as that might allow unauthorized access to the vulnerable endpoint. 

The flaw was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG). TAG usually hunts vulnerabilities and malware used by state-sponsored actors, so it wouldn’t be too extraordinary to speculate that this vulnerability was being abused by nation-state attackers. 

That being said, Google withheld further details about the flaw and its exploit until the majority of browser instances are patched. 

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the company said. "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed.”

To secure your browser against this exploit, make sure to bring it up to version 112.0.5615.137. This patch addresses eight vulnerabilities, in total. At press time, the flaw is fixed for Windows and Mac devices, while those working on Linux will have to wait a little longer. Google says the fix for that OS is in the works and should be released “soon”.

While Chrome usually installs these patches automatically at start, users can trigger it manually, too, by navigating to the Chrome menu (three horizontal dots in the upper right corner), tapping Help, and moving to About Google Chrome. 

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.