Google Fixes Second Chrome Zeroday of 2023
Google has patched another zero-day vulnerability found in Chrome.
The vulnerability tracked as CVE-2023-2136, the security defect is described as a high-severity integer overflow issue in Skia. This bug is also reported by Google TAG.
The latest Chrome 112 update includes eight security fixes, five of which address vulnerabilities reported by external researchers, including four bugs rated ‘high’ severity.
Other than the above, additional vulnerabilities are also fixed, and the most severe are CVE-2023-2133 and CVE-2023-2134, two out-of-bounds memory access issues in the Service Worker API.
The third high-severity issue addressed with this Chrome update is CVE-2023-2135, a use-after-free bug in DevTools.
The fourth medium severity bug tracked as CVE-2023-2137, a heap-buffer overflow in SQLite.
The new Chrome version is rolling out as 112.0.5615.137 for Mac and as versions 112.0.5615.137/138 for Windows. For Linux, the new version is awaited.