Google has launched a patch to repair the second zero-day vulnerability present in its Chrome browser (opens in new tab) this 12 months. 

Very similar to the earlier menace, which was patched mere days in the past, this one too is being exploited within the wild, the corporate confirmed in a safety bulletin.

The vulnerability is tracked as CVE-2023-2136, and is described as a high-severity integer overflow bug present in Skia, Google’s open supply multi-platform 2D graphics library. Chrome makes use of Skia to render graphics, textual content, photos, animations, and comparable BleepingComputer describes it as a “key part” of the browser’s rendering pipeline.

Permitting entry

By abusing the flaw, a possible menace actor might power the browser to render pages incorrectly, endure reminiscence corruption, and permit for arbitrary code execution. It’s the latter that’s most problematic, as which may permit unauthorized entry to the susceptible endpoint. 

The flaw was found by Clément Lecigne of Google’s Risk Evaluation Group (TAG). TAG normally hunts vulnerabilities and malware utilized by state-sponsored actors, so it wouldn’t be too extraordinary to invest that this vulnerability was being abused by nation-state attackers. 

That being stated, Google withheld additional particulars in regards to the flaw and its exploit till the vast majority of browser situations are patched. 

“Entry to bug particulars and hyperlinks could also be stored restricted till a majority of customers are up to date with a repair,” the corporate stated. “We may also retain restrictions if the bug exists in a third-party library that different tasks equally depend upon, however have not but mounted.”

To safe your browser in opposition to this exploit, be certain to convey it as much as model 112.0.5615.137. This patch addresses eight vulnerabilities, in complete. At press time, the flaw is mounted for Home windows and Mac gadgets, whereas these engaged on Linux must wait a bit of longer. Google says the repair for that OS is within the works and needs to be launched “quickly”.

Whereas Chrome normally installs these patches mechanically at begin, customers can set off it manually, too, by navigating to the Chrome menu (three horizontal dots within the higher proper nook), tapping Assist, and shifting to About Google Chrome. 

• Here is our record of the perfect endpoint safety (opens in new tab) providers right now

Through: BleepingComputer (opens in new tab)