Google Patched Second Chrome Zero-Day Within A Week

Following a high-severity zero-day fix, Google has patched another severe zero-day vulnerability in its Chrome browser. Users should update their respective devices to receive the fix.

Another Google Chrome Zero-Day Received A Fix

Google has just released another major Chrome update carrying multiple security fixes days after fixing the type-confusion bug under attack. With the latest Chrome version 112.0.5615.137, Google has also rolled out a zero-day fix alongside other patches.

As mentioned in its advisory, the latest Chrome release includes eight different security patches. From these, the zero-day vulnerability includes a high-severity integer overflow in Chrome’s Skia – a 2D graphics library that serves as the graphics engine for the browser.

Although Google has not disclosed explicit details about the flaw to avoid potential exploits. Yet it did confirm to have detected active exploitation of the flaw CVE-2023-2136.

This zero-day vulnerability first caught the attention of Clément Lecigne of Google’s Threat Analysis Group.

Besides this vulnerability, Google has patched three other high-severity vulnerabilities. Of these, two include out-of-bounds memory access in the Service Worker API (CVE-2023-2133 and CVE-2023-2134). These vulnerabilities caught the attention of the researcher Rong Jian of VRI, each winning an $8000 bounty for the report.

The third vulnerability fix addressed a use-after-free flaw in Chrome DevTools (CVE-2023-2135). This vulnerability caught the attention of Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. Reporting this vulnerability won Kim a $4000 bounty.

Alongside these three important bugs, the latest Chrome release also addressed a medium-severity heap buffer overflow in Chrome SQLite. Reporting this flaw made the researchers, Nan Wang and Guang Gong of 360 Vulnerability Research Institute, win a $1000 bounty.

Google has not elaborated on the other four vulnerability fixes included in this Chrome update. Instead, the one-line statement in its advisory simply directed towards some fixes as a result of internal security work.

The tech giant has automatically rolled out these security fixes with the Chrome stable and extended stable channel 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac, pledging a patched release for Linux users soon.

Also, it has fixed the same security vulnerabilities with Google Chrome for Android version 112 (112.0.5615.135/.136), as confirmed via another advisory. Android users will receive this update from the official Play Store.

Related posts

Microsoft Defender VPN Detects Unsafe WiFi Networks

Microsoft Makes Recall Opt-In While Improving Privacy

Kia Dealer Portal Vulnerability Risked Millions of Cars