Chrome users urged to update again due to “high severity” exploit

Here we go again.


Hey Chrome users, guess what? The party never stops. Just when we thought we had dodged a bullet with Google patching a zero-day vulnerability just a few days ago, another one pops up.

Google’s security team recently found themselves in a déjà vu situation, discovering a second zero-day exploit (CVE-2023-2136) just days after patching another one.

The good news is that they’re on it. “Google is aware that an exploit for CVE-2023-2136 exists in the wild,” Google wrote in a release update. Thankfully, a patch is being rolled out now.

CVE-2023-2136: Dive Deeper

CVE ID: CVE-2023-2136
Reference: National Vulnerability Database (NVD)
CVSS Severity Rating: High
Fix Information: Various fixes from internal audits, fuzzing and other initiatives
Vulnerable Software Versions: Prior to 112.0.5615.137 of Google Chrome
Description: Integer overflow in Skia in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
References:
  https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
  https://crbug.com/1432603
Assigning CNA: Chrome
Date Record Created: 20230417 (Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.)

What is it this time, Google?

The official report says that this flaw could allow a remote attacker, who’s already compromised the renderer process, to perform a sandbox escape through a crafted HTML page.

In plain English, it means they could run untrusted, malicious code on your computer and potentially spread infection. Yeah, not good!

Now, you might be wondering if this is connected to the other zero-day vulnerability Google patched last Friday (CVE-2023-2033). We don’t know for sure, but both flaws seem to exploit specially crafted HTML pages, so they could be related.

The good news is that Google’s been working double-time to patch these flaws. The fix for CVE-2023-2136 is already rolling out, arriving as Chrome version 112.0.5615.137.

How to update Google Chrome

So, how do you update? Keep an eye out for that update button in the upper-right corner of your browser, or head to the “About Chrome” tab to automatically receive the update.

If you don’t feel like waiting, you can always manually update using the instructions below:

  1. Click on the three-dot icon.
  2. Navigate to Help, then click About Google Chrome.
  3. You’ll see a page with all the information you need about your current version of Google Chrome. When this page opens, Chrome also checks for pending updates, so you’ll see an animation while it checks and another one while it updates your browser if it finds an update.
  4. Google will prompt you to Relaunch your browser if you have an update. It’s essential to do so, as your browser isn’t fully updated until it restarts.
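If you look after more than one machine, the version check can be scripted. The following is an added example, not from the original article or from Google: it compares reported version strings against the fixed build 112.0.5615.137, and the host names and builds in the sample inventory are constructed. It assumes strings in the form "Google Chrome 112.0.5615.121", as printed by `google-chrome --version` on Linux.

```python
import re

# First fixed build named in the article and the CVE record.
FIXED = (112, 0, 5615, 137)

# Four-part build number, e.g. in "Google Chrome 112.0.5615.121"
# (assumed input format; adjust if your inventory tool reports differently).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(text, fixed=FIXED):
    """Classify one reported version string against the fixed build."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # unparseable report: needs a manual look
    # Tuples compare numerically, field by field. Comparing the raw strings
    # would wrongly rank "112.0.5615.99" above "112.0.5615.137".
    return "patched" if v >= fixed else "vulnerable"


def audit(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: status(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = {
    "laptop-01": "Google Chrome 112.0.5615.137",
    "laptop-02": "Google Chrome 112.0.5615.121",
    "laptop-03": "Google Chrome 112.0.5615.99",
    "laptop-04": "Google Chrome 113.0.5672.63",
    "laptop-05": "not installed",
}

if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE).items()):
        print(f"{host}: {result}")
```

A "patched" result only describes the version that was reported; as noted above, the browser isn’t fully updated until it has been relaunched.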

In the meantime, here are some tips to stay secure while browsing online:

  1. Keep your software up-to-date (like, right now with Chrome).
  2. Don’t click on suspicious links or open unknown attachments.
  3. Use strong, unique passwords for each account.
  4. Enable two-factor authentication whenever possible.

Remember, folks, the internet can be a wild place, but with a little vigilance and timely updates, we can keep our browsing experience as secure as possible. Stay safe out there.


Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.
