Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser.
The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023.
“Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,” according to the NIST’s National Vulnerability Database (NVD).
The tech giant, which also fixed seven other security issues with the latest update, said it is aware of active exploitation of the flaw, but did not disclose additional details to prevent further abuse.
The development marks the second Chrome zero-day vulnerability to be exploited by malicious actors, and arrives just days after Google patched CVE-2023-2033 last week. It is not immediately clear whether the two zero-days have been chained together as part of in-the-wild attacks.
Users are advised to upgrade to version 112.0.5615.137 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.