Google Releases Another Emergency Security Update for Chrome

Last week Google released an emergency security update for its browser, and today Google pushed another emergency security update to address a security issue that is exploited in the wild.

The update is available for desktop versions of Google Chrome and for Chrome on Android. Users are advised to update as soon as possible to protect their devices from potential attacks that target these vulnerabilities.

Google has enumerated five out of eight security concerns which were resolved through the recent update of Google Chrome. These updates were documented on the official Chrome Releases blog. However, the security issues that were detected internally by Google are not disclosed to the general public.

1. [$8000][1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
2. [$8000][1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
3. [$3000][1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
4. [$NA][1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12
5. [$1000][1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05

According to Google, the vulnerability identified as CVE-2023-2136 is exploited in-wild. 

Chrome Stable channel has been updated to 112.0.5615.137 for Windows, and Mac, and 112.0.5615.135 for Android, which will roll out over the coming days/weeks. To check for the update, click the three dots in the top right corner of the browser and navigate to Settings > Help > About Google Chrome.