Dangerous Chrome zero-day exploit discovered — update your browser now

It seems like it was just yesterday that we told you to update Google Chrome because of a zero-day flaw being exploited. But we promise it wasn’t — it was five days ago.

According to Bleeping Computer, Google has now patched a second zero-day vulnerability. This is based on an update from Google yesterday (April 18) that fixes CVE-2023-2136, which is a “high-severity integer overflow” vulnerability.

An integer overflow happens when a computer program performs a calculation whose result is too large for the space available to store it. The program then ends up working with an incorrect number, which can cause it to behave erratically. That erratic behavior is what attackers are able to exploit.
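To make that concrete, here is an added example (not code from Skia or Chrome, and not a reconstruction of CVE-2023-2136, whose details are not public) of a buffer-size calculation that wraps, next to a checked version that rejects the same input. The function names, the 4-bytes-per-pixel layout and the sample dimensions are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4u /* assumed 32-bit RGBA pixels */

/* Unchecked: 32-bit unsigned arithmetic wraps modulo 2^32, so a large
 * image can yield a byte count far smaller than its pixels need. */
uint32_t size_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Checked: test each multiplication before doing it and reject
 * dimensions whose byte count does not fit in 32 bits. */
bool size_checked(uint32_t width, uint32_t height, uint32_t *out)
{
    if (width == 0 || height == 0)
        return false;
    if (width > UINT32_MAX / height)
        return false;                  /* width * height would wrap */
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / BYTES_PER_PIXEL)
        return false;                  /* pixels * 4 would wrap */
    *out = pixels * BYTES_PER_PIXEL;
    return true;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from any real image. */
    const uint32_t dims[][2] = { {1920, 1080}, {40000, 40000}, {65536, 65536} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        uint32_t w = dims[i][0], h = dims[i][1], safe = 0;
        bool ok = size_checked(w, h, &safe);
        printf("%" PRIu32 "x%" PRIu32 " unchecked=%" PRIu32 " checked=%s\n",
               w, h, size_unchecked(w, h), ok ? "accepted" : "rejected");
    }
    return 0;
}
```

A 40000 x 40000 image needs 6,400,000,000 bytes, but the unchecked function reports 2,105,032,704, and 65536 x 65536 reports 0. Code that trusts those numbers allocates too little memory for the data it then handles.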

This particular vulnerability occurs in Skia, which is an open-source 2D graphics library owned by Google and used in Chrome. Practically, it is used to give Chrome the ability to render “graphics, text, shapes, images, and animations.” So it is a key component of how the web browser operates.

Unfortunately, we don’t know much beyond that in terms of how the exploit works. Google’s standard operating procedure for these bugs is to identify them and fix them. They typically don’t divulge much information about the bug if it is being actively exploited.

The good news is that there is an easy way to keep yourself safe: download the latest update. The Stable Channel Update for Desktop - 112.0.5615.137 includes the fix for CVE-2023-2136 along with seven other fixes and is currently available for Windows and macOS users. A Linux update is expected to come soon according to Google.
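For anyone checking more than one machine, the following added example (not from Google or the original article) compares a reported Chrome version against the fixed build 112.0.5615.137 named above for Windows and macOS. The function names and sample version strings are constructed, and it assumes later builds carry the fix forward; the comparison is numeric per component because a plain string comparison would wrongly rank 112.0.5615.49 above 112.0.5615.137.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Fixed stable build named in the article for Windows and macOS. */
static const unsigned long FIXED_BUILD[4] = {112, 0, 5615, 137};

/* Parse exactly "a.b.c.d" (digits only). Returns 1 on success, 0 otherwise. */
int parse_version(const char *s, unsigned long out[4])
{
    for (int i = 0; i < 4; i++) {
        char *end;
        if (!isdigit((unsigned char)*s))
            return 0;                /* rejects signs, spaces, empty parts */
        errno = 0;
        out[i] = strtoul(s, &end, 10);
        if (errno == ERANGE)
            return 0;                /* component too large to be a version */
        s = end;
        if (i < 3 && *s++ != '.')
            return 0;                /* missing separator or too few parts */
    }
    return *s == '\0';               /* no trailing text allowed */
}

/* 1 = at or above the fixed build, 0 = older, -1 = not a version string. */
int has_fix(const char *version)
{
    unsigned long v[4];
    if (!parse_version(version, v))
        return -1;
    for (int i = 0; i < 4; i++)
        if (v[i] != FIXED_BUILD[i])
            return v[i] > FIXED_BUILD[i];
    return 1;                        /* exactly the fixed build */
}

int main(void)
{
    /* Constructed sample inventory values. */
    const char *samples[] = {"112.0.5615.137", "112.0.5615.49",
                             "111.0.9999.999", "113.0.0.0", "112.0.5615"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %d\n", samples[i], has_fix(samples[i]));
    return 0;
}
```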

Google’s second zero-day fix in a week

Of course, this isn’t the first time we’ve reported a zero-day flaw in Chrome recently. Last week we reported on CVE-2023-2033, for which Google has also released an update.

Again, because this is an actively exploited bug, Google didn’t release many details on it. All we know is that it is a type confusion flaw in Chrome's V8 JavaScript engine. Flaws of this kind can lead to memory access outside the normal bounds of the program.

While it’s certainly scary to see these exploits found in quick succession, the good news is this is only the second such exploit this year. So hopefully, it is just a weird coincidence that they were found so close together rather than a sign that Chrome is more vulnerable than usual. 

How to keep your browser protected from hackers

The most important thing you can do when these flaws are discovered is to update your browser. Regularly updating your browser won’t necessarily keep you safe from everything, but it will keep you as safe as possible.

If you haven’t installed the latest update yet, you should see a bubble next to your profile picture in Chrome. This bubble is color-coded based on how long it has been since the update became available. Green means it's just two days old, orange means it's now a four-day-old update and red means that the update is at least a week old. Don’t let it get to red.

To download the latest version of Chrome, all you need to do is click on the bubble. If you do that, Chrome will install the update the next time you relaunch your browser. 

You can also manually update Chrome. To do this, just click on the three dots next to your profile picture, then click Help and then click About Google Chrome. This takes you to Chrome’s settings page where you can check to see if you’re running the latest version of Chrome.

Keeping your browser up to date is essential to protecting your computer from viruses and other malware. But you also want to install the best antivirus software on your PC or the best Mac antivirus software on your Apple computer to make sure all your bases are covered.

Malcolm McMillan
Streaming Editor

Malcolm has been with Tom's Guide since 2022, and has been covering the latest in streaming shows and movies since 2023. He's not one to shy away from a hot take, including that "John Wick" is one of the four greatest films ever made.
