Google Chrome has been having a rough week. Google just released a patch for the second zero-day exploit in the last week. This one is apparently being actively exploited online, so you should update Chrome immediately to protect yourself.
Google is rolling out an emergency update for the Chrome browser, fixing a zero-day vulnerability identified as severe with the number CVE-2023-2136. Basically, it’s a bug in Skia (Chrome’s graphics engine) that allows a remote attacker to “perform a sandbox escape via a crafted HTML page” by compromising it. In layman’s terms, this means that an attacker could compromise the engine and, from there, escape the engine and compromise/attack the host (the Chrome browser).
As you might imagine, it’s quite a severe issue. It was first reported by Clément Lecigne of Google’s Threat Analysis Group a little over a week ago. While we’re not aware of how it’s being exploited in the wild, Google is aware of at least one exploit going around. As such, you should still update Chrome as soon as you can, in order to ensure your online experience is as secure as it can possibly be.
Those on Windows and Mac can get the update now, while it might take a few hours (or days) to roll out to other platforms, including Linux.
Source: Google
Via: PCWorld