Google updates Chrome again to fix a new zero-day bug

In less than a week, Google has fixed the second zero-day bug of the year in its Chrome browser. The new vulnerability, tracked as CVE-2023-2136, has been actively exploited by hackers, the California giant states in the security bulletin it published online. The first zero-day bug of the year in Chrome was discovered last Friday.

A big security hole

The vulnerability, again discovered by Clément Lecigne, an engineer at Google, is an integer overflow in Skia, Google's open-source 2D graphics library. As BleepingComputer, which reported the information, explains, Skia provides Chrome with a set of APIs for rendering graphics, text, shapes, images and animations. It is a key component of the browser's rendering process.

Exploiting this vulnerability can cause Chrome to behave unexpectedly but, more importantly, it can compromise the browser's security. Hackers can use it to run arbitrary code and gain unauthorized access to the system.

As usual with an actively exploited zero-day vulnerability, Google is not providing technical details about the techniques used to exploit it. The aim is to let as many users as possible update their browsers before technical information is shared that would allow other hackers to develop their own attacks.

Although all desktop versions of Chrome are affected by this vulnerability, the corrective update is currently available only for Windows and macOS and will be available for Linux very soon, Google says. Chrome updates itself automatically on a regular basis, but it is best to manually force the download and installation of the latest version, 112.0.5615.137. To do this, click on Chrome's main menu, represented by three small dots at the top right of the window, and then click About Chrome on the Help menu. The browser should then check Google's servers for the latest available update, then download and install it immediately. You must then click the Relaunch button to restart the browser and finish applying the update.
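
For anyone checking more than one machine, the version shown on the About Chrome page can be compared against the fixed build automatically. The following Python sketch is an added example, not code from Google or from the article: the function names, hostnames and sample version strings are constructed for illustration, and the threshold is the Windows and macOS build quoted above.

```python
import re

# Fixed build named in the article for Windows and macOS.
PATCHED = "112.0.5615.137"

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract the four-part Chrome version from a string such as
    'Google Chrome 112.0.5615.121' and return it as a tuple of ints.
    Returns None when no four-part version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(reported, minimum=PATCHED):
    """True when the reported version is at or above the fixed build.
    Components are compared as numbers: compared as plain strings,
    '112.0.5615.99' would wrongly sort above '112.0.5615.137'."""
    have = parse_version(reported)
    if have is None:
        raise ValueError(f"no Chrome version found in {reported!r}")
    return have >= parse_version(minimum)


def audit(inventory):
    """Return the sorted hosts that need attention: those below the
    fixed build, plus those whose version string cannot be parsed."""
    flagged = []
    for host, reported in inventory.items():
        try:
            if not is_patched(reported):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown state is treated as unpatched
    return sorted(flagged)


# Constructed sample inventory (hostnames and values are made up).
SAMPLE = {
    "ws-01": "Google Chrome 112.0.5615.137",
    "ws-02": "Google Chrome 112.0.5615.121",
    "ws-03": "112.0.5615.99 (Official Build) (64-bit)",
    "mac-01": "Google Chrome 113.0.5672.63",
    "mac-02": "unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: update required ({SAMPLE[host]})")
```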