Subj : Google patches another critical Chrome security fix
To   : All
From : TechnologyDaily
Date : Thu Apr 20 2023 11:00:04

Date: Thu, 20 Apr 2023 09:54:18 +0000
Description: The Google Chrome zero-day is being abused in the wild, company confirms.

FULL STORY
======================================================================

Google has released a patch to fix the second zero-day vulnerability found in its Chrome browser this year. Much like the previous threat, which was patched mere days ago, this one too is being exploited in the wild, the company confirmed in a security bulletin.

The vulnerability is tracked as CVE-2023-2136, and is described as a high-severity integer overflow bug found in Skia, Google's open source multi-platform 2D graphics library.

Chrome uses Skia to render graphics, text, images, animations, and similar; BleepingComputer describes it as a key component of the browser's rendering pipeline.

Allowing access

By abusing the flaw, a potential threat actor could force the browser to render pages incorrectly, suffer memory corruption, and allow for arbitrary code execution. It's the latter that's most problematic, as that might allow unauthorized access to the vulnerable endpoint.

The flaw was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG). TAG usually hunts vulnerabilities and malware used by state-sponsored actors, so it wouldn't be too extraordinary to speculate that this vulnerability was being abused by nation-state attackers.

That being said, Google withheld further details about the flaw and its exploit until the majority of browser instances are patched.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the company said. "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed."

To secure your browser against this exploit, make sure to bring it up to version 112.0.5615.137. This patch addresses eight vulnerabilities in total. At press time, the flaw is fixed for Windows and Mac devices, while those working on Linux will have to wait a little longer. Google says the fix for that OS is in the works and should be released soon.

While Chrome usually installs these patches automatically at start, users can trigger it manually, too, by navigating to the Chrome menu (three horizontal dots in the upper right corner), tapping Help, and moving to About Google Chrome.

Via: BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/news/google-patches-another-critical-chrome-security-fix

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)