Lucene search

K
thnThe Hacker NewsTHN:81BF6FC53B8C3E996BC7666821B6BABA
HistoryApr 19, 2023 - 1:47 p.m.

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

2023-04-1913:47:00
The Hacker News
thehackernews.com
48

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Google Chrome

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser.

The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. ClΓ©ment Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023.

β€œInteger overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,” according to the NIST’s National Vulnerability Database (NVD).

The tech giant, which also fixed seven other security issues with the latest update, said it’s aware of active exploitation of the flaw, but did not disclose additional details to prevent further abuse.

The development marks the second Chrome zero-day vulnerability to be exploited by malicious actors this year, and comes merely days after Google patched CVE-2023-2033 last week. It’s not immediately clear if the two zero-days have been chained together as part of in-the-wild attacks.

Users are recommended to upgrade to version 112.0.5615.137/138 for Windows, 112.0.5615.137 for macOS, and 112.0.5615.165 for Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter ο‚™ and LinkedIn to read more exclusive content we post.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H