Google patches another actively exploited Chrome zero-day
Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year.
The stable release is available only for Windows and Mac users, with the Linux version to roll out "soon," Google says.
To manually update Chrome to the latest version, which addresses the actively exploited security issue, open the Chrome settings menu and select Help > About Google Chrome.
Following its standard practice when fixing actively exploited flaws in Chrome, Google has not disclosed many details about how CVE-2023-2136 was used in attacks, leaving the exploitation method and related risks open to speculation.
Last Friday, Google released another emergency Chrome update to fix CVE-2023-2033, the first actively exploited vulnerability in the browser discovered in 2023.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-04-19 | CVE-2023-2136 | Integer Overflow or Wraparound vulnerability in multiple products | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2023-04-14 | CVE-2023-2033 | Type Confusion vulnerability in multiple products | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |