CVE-2023-2136

Switchuser2

HereishowmesseduptheAmericanSchoolSystemis

EduardKovacs

Google warns of CVE-2023-2136, another zero-day vulnerability in Chrome, only days after addressing a similar issue.

Komodosec

#Vulnerability #chrome Google Fixes Actively Exploited CVE-2023-2136 Zero-Day Vulnerability in Chrome

Slvlombardo

Aggiornamento: #Chrome, rilasciati aggiornamenti urgenti Corretta anche una seconda vulnerabilità zero-day (CVE-2023-2136)

elhackernet

Segundo parche de emergencia grave para Google Chrome en menos una semana Actualización de emergencia para varias vulnerabilidades, incluida CVE-2023-2136 se está explotando en la actualidad https://t.co/kQ2fvVFuLr

TechMentorHQ

أصدرت /hashtag/جوجل?src=hashtag_click تحديث لتصحيح ثغرة أمنية في متصفحها /hashtag/كروم?src=hashtag_click، وهي ثغرة من نوع "Zero-day” ما يعني أنها ثغرة غير معروفة للمطورو المتصفح حتى وقت اكتشافها وتصحيحها، وتم تسجيلها باسم CVE-2023-2136. /hashtag/السلامة_الرقمية?src=hashtag_click (1-5)

MachinaRecord

Google、Chromeにおける2023年2件目のゼロデイ脆弱性にパッチ（CVE-2023-2136） サイバースパイ活動グループBlind Eagleが再襲：新たな攻撃チェーンが発見される 「イランハッカーの攻撃がエスカレートしている」とマイクロソフト 〜サイバーアラート　4月20日〜

jbhall56

The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023.

TodayCyberNews

Google has released a security update to fix 0-day in Chrome 116. CVE-2023-4863, rated as Critical Severity, is described as a heap-based buffer overflow issue in the WebP component that can be used to crash the application and potentially execute arbitrary code. WebP is an image format that provides improved compression and quality over the well-known JPEG and PNG formats and is supported by all modern browsers, including Chrome, Firefox, Safari, Edge and Opera. According to Google , an exploit for CVE-2023-4863 exists and is being used in the wild. ( https://t.co/RqZTdLoBEA ) The vulnerability became known on September 6 after a report from Apple Security Engineering and Architecture (SEAR) and Citizen Lab, which is known to have recently specialized in uncovering the activities of spyware vendors. As usual, Google refrained from providing technical details or the circumstances surrounding the observed exploitation. But given that SEAR and Citizen Lab were behind the disclosure, it is highly likely that the vulnerability was exploited by one of the spyware vendors. Moreover, the Google Chrome patch appeared just a few days after Apple announced a 0-day fix in iOS and macOS, which was discovered by Citizen Lab during an analysis of its exploitation associated with NSO Group's Pegasus spyware. CVE-2023-4863 is the fourth 0-day patched by Google in Chrome this year, following CVE-2023-3079 (V8 engine type confusion) in June, as well as CVE-2023-2033 (V8 engine type confusion ) and CVE-2023-2136 (integer overflow in Skia) in April. The latest version of Chrome is now available to users as version 116.0.5845.187 for macOS and Linux and as version 116.0.5845.187/.188 for Windows. Check Out Old Tweets Of /TodayCyberNews #CyberSecurity #redteam #infosec #hackers