Second zero-day vulnerability fixed in less than a year
Google has just released a new update for its web browser, Chrome, to address a new zero-day vulnerability that is actively being exploited. This is the second zero-day vulnerability that the company has fixed in its browser in less than a year. The new vulnerability, named CVE-2023-2136, is actively being exploited by hackers, according to a security bulletin published by the California-based giant. The first zero-day vulnerability in Chrome this year was discovered last Friday.
Important security breach detected
The security breach was detected by Google engineer Clement Lecigne and is an integer overflow in Skia, an open-source 2D graphics library owned by Google. Skia provides Chrome with a range of APIs for rendering graphics, text, shapes, images, and animation. It is a key component in the browser rendering process. Exploiting this vulnerability can lead to unexpected behavior in Chrome, but more importantly, it can compromise its security. Hackers can use it to execute arbitrary code and gain unauthorized access to the system.
Details withheld to protect users
As usual, in the case of an actively used zero-day vulnerability, Google does not provide any technical details about the methods used to exploit the vulnerability. Google intends to give as many users as possible the opportunity to update their browsers before sharing technical information that would allow other hackers to exploit the vulnerability for their own attacks.
Update available for Windows and macOS
Although the security breach affects all desktop versions of Chrome, the corrective update is currently only available for Windows and macOS, and will appear for Linux soon, according to Google. Although Chrome is regularly updated automatically, it is best to manually force download and install the latest version of Chrome with the number 112.0.5615.137. To do this, click on Chrome’s main menu, represented by three small dots in the top right corner of the window, then select “About Chrome” from the “Help” menu. The browser should then find the latest update on Google’s servers, download it, and install it. Then you will need to click the Restart button to restart the browser to complete the update.