Google Patches Another Actively Exploited Chrome Zero-Day
Summary:
On Tuesday, Google released security updates to address a high-severity vulnerability in the Chrome browser. Tracked as CVE-2023-2136, the flaw is an integer overflow vulnerability in Skia, a Google-owned open-source multi-platform 2D graphics library written in C++. Skia is a key component of Chrome’s rendering pipeline, as it provides the browser with a set of APIs for rendering graphics, text, shapes, images, and animations.
“Integer overflow bugs occur when an operation results in a value that exceeds the maximum for a given integer type, often leading to unexpected software behavior or having security implications. In the context of Skia, it might lead to incorrect rendering, memory corruption, and arbitrary code execution that leads to unauthorized system access” (Bleeping Computer, 2023).
Analyst comments:
Although Google stated it is aware of attacks in the wild exploiting this flaw, the technical details have yet to be released. The flaw has been patched in version 112.0.5615.137, which users should update to as soon as possible.
Mitigation:
To update Chrome, head to Settings → About Chrome → Wait for the download of the latest version to finish → Restart the program.
Source:
https://www.bleepingcomputer.com/ne...s-another-actively-exploited-chrome-zero-day/