Google Chrome Releases Patch to Address Another Zero-Day Vulnerability
Google has announced an update to the stable and extended stable channels of its Chrome browser for desktop. The update includes version 112.0.5615.137/138 for Windows, 112.0.5615.137 for Mac, and 112.0.5615.165 for Linux. The rollout of these updates is expected to occur over the coming days and weeks, as noted in the official Chrome Releases blog post.

The update includes a total of eight security fixes, several of which were highlighted in the announcement because they were reported by external researchers. Among the notable security fixes are:
- High CVE-2023-2133: An out-of-bounds memory access vulnerability in the Service Worker API, reported by Rong Jian of VRI on March 30, 2023. (Reward: $8,000)
- High CVE-2023-2134: A similar out-of-bounds memory access vulnerability in the Service Worker API, also reported by Rong Jian of VRI on March 30, 2023. (Reward: $8,000)
- High CVE-2023-2135: A use-after-free vulnerability in Chrome’s DevTools, reported by Cassidy Kim (@cassidy6564) on March 14, 2023. (Reward: $3,000)
- High CVE-2023-2136: An integer overflow vulnerability in Skia, reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. (Reward: Not Applicable)
- Medium CVE-2023-2137: A heap buffer overflow vulnerability in SQLite, reported by Nan Wang (@eternalsakura13) and Guang Gong of the 360 Vulnerability Research Institute on April 5, 2023. (Reward: $1,000)
As part of Google’s commitment to securing its Chrome browser, the company has rewarded external researchers with monetary bounties for reporting the vulnerabilities.
Google Chrome has been grappling with a series of zero-day vulnerabilities: this patch addresses the second zero-day exploit discovered in the last week, following CVE-2023-2033. The new zero-day, CVE-2023-2136, is a bug in Skia, Chrome’s graphics engine. The vulnerability allows a remote attacker to “perform a sandbox escape via a crafted HTML page,” essentially enabling an attacker to compromise the graphics engine and then escape it to attack the host, the Chrome browser itself. Google is aware of at least one exploit of CVE-2023-2136 in the wild, making it crucial for users to update Chrome as soon as possible.
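For defenders checking whether a fleet has picked up this release, the following is an added example (not code from Google or from the article) that compares installed Chrome versions against the per-platform fixed builds quoted above; the platform labels, the `host,platform,version` inventory format and all sample hosts are assumptions constructed for illustration.

```python
# Fixed Chrome builds per platform, as given in the release note. Windows shipped
# two builds (.137 and .138); the lower one is the minimum patched build.
FIXED_BUILDS = {
    "windows": "112.0.5615.137",
    "mac": "112.0.5615.137",
    "linux": "112.0.5615.165",
}

def parse_version(version: str) -> tuple[int, ...]:
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a comparable tuple of ints."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {version!r}")
    return tuple(int(p) for p in parts)

def is_patched(installed: str, platform: str) -> bool:
    """True if this install is at or above the platform's fixed build."""
    key = platform.strip().lower()
    if key not in FIXED_BUILDS:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(installed) >= parse_version(FIXED_BUILDS[key])

def hosts_needing_update(inventory: list[str]) -> list[str]:
    """Return hosts below the fixed build for their platform (assumed format:
    'host,platform,version'); malformed records are flagged, not skipped."""
    needs_update = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            host, platform, version = (f.strip() for f in line.split(","))
            if not is_patched(version, platform):
                needs_update.append(host)
        except ValueError:
            needs_update.append(f"{line.split(',')[0]} (unparseable record)")
    return needs_update

# Constructed sample inventory; hosts and versions are not real.
SAMPLE_INVENTORY = [
    "ws-01,Windows,112.0.5615.121",   # below .137 -> needs update
    "ws-02,Windows,112.0.5615.138",   # second Windows build -> patched
    "mac-01,Mac,112.0.5615.137",      # exactly the fixed build -> patched
    "lin-01,Linux,112.0.5615.137",    # Linux fix is .165 -> needs update
    "lin-02,Linux,113.0.1.0",         # newer major (constructed) -> patched
    "ws-03,Windows,112.0.5615",       # malformed -> flagged for review
]
```

Note that the Linux build number differs from the Windows and Mac ones, so a single "is it at least .137" rule would wrongly clear an unpatched Linux install.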