
Google has discovered another zero-day vulnerability in Chrome just days after fixing the previous one

On Tuesday, Google released a security bulletin describing a recently discovered Chrome vulnerability, CVE-2023-2136, classified as “high severity”. Google is aware of the existence of an exploit for this vulnerability “in the real world”. Hackers were observed exploiting it just days after Google patched another actively exploited zero-day vulnerability.


For now, Google describes CVE-2023-2136 as an integer overflow in Skia, the open-source graphics engine used by Chrome. The official report states that exploitation of the vulnerability “allows a remote attacker who has compromised the rendering process to potentially exit the sandbox via the generated HTML page”, which makes it possible to gain access to further processes in order to execute malicious code on the computer.

Although no details are available, the vulnerability may have been exploited together with another zero-day vulnerability called CVE-2023-2033, which Google patched last Friday and which is related to a bug in the browser’s V8 JavaScript engine. The company discovered both vulnerabilities with the help of Clément Lecigne, a security researcher on Google’s Threat Intelligence team, which tracks the most dangerous hacker groups and identifies zero-day vulnerabilities. Clément discovered CVE-2023-2033 on April 11 and CVE-2023-2136 on April 12.

The vulnerabilities are believed to have been exploited in attacks that used specially crafted malicious HTML pages delivered through phishing messages. Thankfully, Google fixed both issues quickly after they were discovered. The company has already prepared a fix for CVE-2023-2136, which will now be distributed to users. The fix will be released as Chrome version 112.0.5615.137.

It is recommended to update your browser as soon as possible. In the near future, a button to update Chrome should appear in the upper right corner of the browser. Otherwise, you’ll need to go to the About Chrome tab, where the update is fetched automatically, or visit the Google support page to learn how to download the patches.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.
