Chrome users urged to update again due to “high severity” exploit

Hey Chrome users, guess what? The party never stops. Just when we thought we had dodged a bullet with Google patching a zero-day vulnerability just a few days ago, another one pops up. Google’s security team recently found themselves in a déjà vu situation, discovering a second zero-day exploit (CVE-2023-2136) just days after patching another one. The good news is that they’re on it. “Google is aware that an exploit for CVE-2023-2136 exists in the wild,” Google wrote in a release update. Thankfully, a patch is being rolled out now.

CVE-2023-2136: Dive Deeper

CVE ID: CVE-2023-2136
Reference: National Vulnerability Database (NVD)
CVSS Severity Rating: High
Fix Information: Various fixes from internal audits, fuzzing and other initiatives
Vulnerable Software Versions: Prior to 112.0.5615.137 of Google Chrome
Description: Integer overflow in Skia in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
References: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html, https://crbug.com/1432603
Assigning CNA: Chrome
Date Record Created: 20230417 (Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.)

What is it this time, Google? The official report says that this flaw could allow a remote attacker, who’s already compromised the renderer process, to perform a sandbox escape through a crafted HTML page. In plain English, it means they could run untrusted, malicious code…
