Google is updating Chrome (again) to fix a new zero-day flaw

In less than a week, Google has just fixed the second zero flaw of the year in its Chrome browser. CVE-2023-2136, this is the name of this new breach, which has been actively exploited by hackers, notes the Californian giant in a security bulletin posted on the Internet. The first zero-day flaw of the year was discovered in Chrome last Friday.

Major security breach

Discovered again by Clement Leysin, an engineer at Google, the vulnerability is an integer overflow type in Skia, an open source 2D graphics library owned by Google. As BleepingComputer, which reports the information, explains, Skia provides Chrome with a number of APIs for displaying graphics, text, shapes, images, and animations. It is a major component of the browser’s rendering process.

Exploiting this security breach can cause Chrome to behave unpredictably, but more importantly, it can compromise its security. Hackers can actually use it to execute arbitrary code and gain unauthorized access to the system.

As usual, in the event of a zero-day vulnerability that has been actively exploited, Google does not provide any technical details regarding the technologies used to exploit the vulnerability. Thus Google intends to allow as many users as possible to update their browser before sharing technical information that would allow other hackers to hijack the bug to develop their own attacks.

If all desktop versions of Chrome are affected by this security breach, the patch update is currently only available for Windows and macOS and will soon arrive on Linux, Google says. Although Chrome updates automatically on a regular basis, it is best to force manually download and install the latest version of Chrome, which is stamped 112.0.5615.137. To do this, click on the Chrome main menu, represented by the three small dots displayed at the top right of the window, and then on the Help menu, click About Chrome. The browser should then search for the latest available update on Google’s servers to download and install it immediately. You will then need to click on the Restart button to restart the browser in order to finish applying the update.