Google on Tuesday rolled out emergency fixes to address yet another actively exploited high-severity zero-day flaw in its Chrome web browser.
The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023.
“Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially conduct a sandbox escape via a crafted HTML page,” according to NIST’s National Vulnerability Database (NVD).
The tech giant, which also fixed seven other security issues with the latest update, said it is aware of active exploitation of the flaw, but did not disclose additional details to prevent further abuse.
The development marks the second Chrome zero-day vulnerability to be exploited by malicious actors, and comes merely days after Google patched CVE-2023-2033 last week. It's not immediately clear if the two zero-days have been chained together as part of in-the-wild attacks.
Users are advised to upgrade to version 112.0.5615.137 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Some parts of this article are sourced from:
thehackernews.com