Google Chrome Zero Day Vulnerability (CVE-2023-2136)

Published On: Apr 24, 2023 09:13

Advisory No:

Source:

Software Affected:

Overview

Description

Advisory No: TZCERT/SA/2023/04/20

Date of First Release: 20th April 2023

Source: Google

Software Affected:  Google Chrome prior to 112.0.5615.137 (Mac), and Google Chrome prior to 112.0.5615.137/138 (Windows)

Overview:

Google has released security patches to address the Zero Day vulnerability affecting Google Chrome browser for both Mac and Windows operating systems. This vulnerability could allow an attacker to take control of an affected system.

Description:

This vulnerability is tracked as CVE-2023-2136. It is caused by the Integer overflow in Skia in Google Chrome prior to 112.0.5615.137, which allows a remote attacker who had compromised the renderer process to potentially accomplish a sandbox escape via a crafted HTML page. Skia is an open source 2D graphics library used by the browser.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

Google has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
  2. https://thehackernews.com/2023/04/google-chrome-hit-by-second-zero-day.html

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident