Google releases another emergency security update for Chrome
It is time to update Google Chrome again. Google has just released an emergency security update for its Chrome web browser that addresses a security issue that is exploited in the wild.
The update is available for desktop versions of Google Chrome and for Chrome on Android. Users are advised to update as soon as possible to protect their devices from potential attacks that target these vulnerabilities.
Chrome desktop users may load chrome://settings/help directly in the address bar, or select Menu > Help > About Google Chrome, to display the installed version. The browser runs a check for updates when the page is opened to download the latest update that it finds. A restart of the browser is required to complete the process. On Android, updates are handled by Google Play.
Once updated, the following versions should be listed on the About Google Chrome page:
- Google Chrome for Windows: 112.0.5615.137 or 112.0.5615.138
- Google Chrome for Mac or Linux: 112.0.5615.137
- Google Chrome for Android: 112.0.5615.135 or 112.0.5615.136
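The version check above can also be run over a device inventory. The following is an added example, not code from Google or from this article: the inventory rows and host names are constructed, the minimum builds are the ones listed above, and it assumes any build at or above the listed one contains the fixes.

```python
import re

# Lowest patched build per platform, taken from the list above.
PATCHED = {
    "windows": (112, 0, 5615, 137),
    "mac": (112, 0, 5615, 137),
    "linux": (112, 0, 5615, 137),
    "android": (112, 0, 5615, 135),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of free text, or return None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def status(platform, reported):
    """Classify one device as 'patched', 'vulnerable' or 'unknown'."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(reported)
    if minimum is None or version is None:
        return "unknown"  # unreadable data needs a manual check
    # Compare as integer tuples: as strings, "99" would sort above "137".
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """Map host name to status for (host, platform, reported version) rows."""
    return {host: status(platform, text) for host, platform, text in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 112.0.5615.138"),
    ("ws-02", "windows", "Google Chrome 112.0.5615.99"),
    ("mac-01", "mac", "Google Chrome 111.0.5563.146"),
    ("lin-01", "linux", "Google Chrome 112.0.5615.137 "),
    ("and-01", "android", "112.0.5615.135"),
    ("lin-02", "linux", "version unreadable"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```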
Google Chrome 112: security update
Google lists five of the eight security issues that it fixed in the latest Google Chrome update on the official Chrome Releases blog. Information about security issues that it detected internally is not revealed to the public.
The five security issues include the issue that is exploited in the wild. Here is the listing:
- [$8000] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
- [$8000] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
- [$3000] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim (@cassidy6564) on 2023-03-14
- [$NA] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12
- [$1000] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05
External security researchers get a bug bounty when they report security issues to Google and other browser developers.
Security issue CVE-2023-2136 is exploited in the wild, according to Google. Public information is limited at this point, but Skia refers to a component of Chrome that is responsible for "nearly all graphics operations, including text rendering" according to the Chromium design documents.
Users who run other Chromium-based web browsers should pay attention to updates for their browsers, as these are also affected by the security issue. Expect updates for Edge, Brave and other browsers soon.
The security update is the second update for Chrome 112 that patches a security issue that is exploited in the wild. The previous update was released on April 15, 2023.