Only a few days ago, Google pushed out an emergency update to Chrome for Mac that fixed an actively exploited vulnerability. Less than a week later, a second update has arrived to fix another flaw for which an exploit exists in the wild.
The 112.0.5615.137 update for Chrome for Mac fixes eight security flaws, including at least one that may have been actively exploited. That vulnerability (CVE-2023-2136) is described as an integer overflow in Skia and is listed as a high-risk bug. Unlike Apple’s security updates, Google doesn’t disclose how the flaw was fixed.
Four other flaws are also outlined in the blog post on Google’s Chrome Releases site:
CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim (@cassidy6564) on 2023-03-14
CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05
All of the flaws are listed as “high” risk except for CVE-2023-2137, which has a “medium” risk. In all, there are eight security fixes. Google says the update should be rolling out to all users “over the coming days/weeks.”
To update Chrome, click on the Chrome menu, then About Chrome. Check the version number to see if it’s been updated to v112.0.5615.137. If not, wait for the update to download and click Relaunch.
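For anyone checking more than one Mac, the same version check can be scripted. This is an added example, not from Google or this article; it assumes Chrome sits at the default /Applications path, and it compares version fields as integers because a plain string comparison would rank 112.0.5615.49 above 112.0.5615.137.

```shell
#!/bin/sh
# Added example: check a Chrome version string against the fixed release.
FIXED="112.0.5615.137"                 # fixed version named in the article
APP="/Applications/Google Chrome.app"  # assumption: default install location

# is_version V: succeed only if V is dot-separated decimal fields.
is_version() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  return 0
}

# version_ge A B: 0 if A >= B, 1 if A < B, 2 if either is malformed.
# Fields are compared as integers, left to right; missing fields count as 0.
version_ge() {
  is_version "$1" && is_version "$2" || return 2
  _a=$1 _b=$2
  while [ -n "$_a" ] || [ -n "$_b" ]; do
    _x=${_a%%.*} _y=${_b%%.*}
    [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
    [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
    case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
    case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
  done
  return 0
}

# chrome_status V: print patched / outdated / unknown for version V.
chrome_status() {
  _rc=0
  version_ge "$1" "$FIXED" || _rc=$?
  case $_rc in
    0) echo "patched" ;;
    1) echo "outdated" ;;
    *) echo "unknown" ;;
  esac
  return "$_rc"
}

# On a Mac with Chrome present, read the bundle version from Info.plist.
if [ -d "$APP" ] && command -v defaults >/dev/null 2>&1; then
  installed=$(defaults read "$APP/Contents/Info" CFBundleShortVersionString)
  echo "Chrome $installed: $(chrome_status "$installed")"
fi
```

This reads the version on disk; the running browser still needs the Relaunch step above to load it.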
For more advice about staying secure on your Mac, read: How secure is a Mac and are Macs really more secure than Windows? and 10 ways to protect your Mac from malware and theft.