December 3, 2023

Google has patched another zero-day vulnerability found in Chrome.

Tracked as CVE-2023-2136, the security defect is described as a high-severity integer overflow issue in Skia. The bug was also reported by Google TAG.

Google is aware that an exploit for CVE-2023-2136 exists in the wild. This is the second zero-day vulnerability resolved in Chrome this year, after CVE-2023-2033, a type confusion issue in the V8 JavaScript engine, was addressed with an emergency patch last week.

The latest Chrome 112 update includes eight security fixes, five of which address vulnerabilities reported by external researchers, including four bugs rated ‘high’ severity.

Beyond the zero-day, additional vulnerabilities are also fixed; the most severe are CVE-2023-2133 and CVE-2023-2134, two out-of-bounds memory access issues in the Service Worker API.

The third high-severity issue addressed with this Chrome update is CVE-2023-2135, a use-after-free bug in DevTools.

The fourth bug, of medium severity, is tracked as CVE-2023-2137, a heap-buffer overflow in SQLite.

The new Chrome version is rolling out as 112.0.5615.137 for Mac and as versions 112.0.5615.137/138 for Windows. For Linux, the new version is awaited.
