Google has released a security update for its Chrome browser to fix the second zero-day vulnerability exploited in attacks this year. The new version, 112.0.5615.137, addresses a total of eight vulnerabilities, including the high-severity CVE-2023-2136 integer overflow vulnerability in Skia, a 2D graphics library used in Chrome’s rendering pipeline. The Linux version of the update is set to roll out soon.
The update can be started manually through the Chrome settings menu; otherwise it is installed automatically the next time the browser starts.
Google’s Threat Analysis Group (TAG) reported CVE-2023-2136 earlier this month, but the company has not provided many details about how the vulnerability was exploited, following its standard practice when fixing actively exploited flaws in Chrome.
This is to give users the chance to update their software to the safer version before sharing technical details that could enable threat actors to develop their own exploits. Google recommends that all Chrome users apply the available update as soon as possible.
Last Friday, Google released another emergency update to fix CVE-2023-2033, the first actively exploited vulnerability discovered in the browser this year.
These types of flaws are usually leveraged by advanced threat actors, often state-sponsored, who target high-profile individuals in governments, media, or other critical organizations.
To ensure the protection of their systems, Chrome users should apply all available updates immediately.
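One way to check a fleet against the fixed build named above, as an added example that is not from Google or the original article: the tab-separated inventory format, the hostnames and the sample versions are constructed assumptions. Versions are compared numerically per component, because a plain string comparison would rank 112.0.5615.99 above 112.0.5615.137.

```python
import re

# Fixed build named in the article.
FIXED_BUILD = "112.0.5615.137"

# Constructed sample inventory (assumed format: "hostname<TAB>chrome version").
SAMPLE_INVENTORY = """\
ws-001\t112.0.5615.137
ws-002\t112.0.5615.99
ws-003\t111.0.5563.147
ws-004\t113.0.5672.24
ws-005\tunknown
"""

# Chrome versions have four numeric components: MAJOR.MINOR.BUILD.PATCH.
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a 4-part version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def audit(inventory, fixed=FIXED_BUILD):
    """Map each host to 'patched', 'outdated' or 'unknown'."""
    threshold = parse_version(fixed)
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition("\t")
        parsed = parse_version(version)
        if parsed is None:
            # Unparseable data is reported, never silently treated as patched.
            results[host] = "unknown"
        elif parsed >= threshold:
            results[host] = "patched"
        else:
            results[host] = "outdated"
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```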