Google has announced an important update for Chrome to help fend off a zero-day. The update fixes several issues, and readers are advised to ensure they're using the latest version of the browser.

If you’re using Chrome on Mac, Windows, or Linux, you need to update as soon as you possibly can. If you’re using a standard Chrome setup then updates should be applied automatically. However, this won't happen if you never close your browser, or if the update is blocked by something like a fault in an installed extension. It’s always good to check, especially when something bad is floating around potentially helping to compromise devices.

One easy way to do this is to navigate to chrome://settings/help or click Settings > About Chrome. Chrome will notify you of the version you're on and if there's an update available. Once you've downloaded the update, reload the browser and everything should be good to go.

If everything has worked as it should, your browser should in theory be running the latest version. At the time of writing the most recent update being offered is now 1.138. This will fix eight vulnerabilities, although the update is currently only available for Mac and Windows. The Linux version is still being worked on.

The exploit page for CVE-2023-2136 has few details available, as is the usual pattern followed by Google when something like this happens. Details are generally held back to give people time to patch, without offering any clues to cybercriminals about how they might exploit the vulnerability.

Integer overflow in Skia in Google Chrome prior to 1.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

An integer overflow is a programming error that allows an attacker to manipulate a number the program uses in a way that might be harmful.
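The integer overflow class defined above, as an added example in C. It is not code from the original article, from Skia, or from Chrome, and it does not reproduce CVE-2023-2136, whose details the article notes are withheld. The function names and the image-buffer scenario are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: bytes needed for a width x height image.
 * Unchecked: the product is computed modulo 2^32 and silently wraps,
 * so a huge image can yield a small size. */
static uint32_t buffer_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: each multiplication is validated before it is performed.
 * Returns 0 and stores the size on success, -1 if the size is not representable. */
static int buffer_size_checked(uint32_t width, uint32_t height, uint32_t bpp, uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;                      /* reject empty dimensions */
    if (width > UINT32_MAX / height)
        return -1;                      /* width * height would wrap */
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / bpp)
        return -1;                      /* pixels * bpp would wrap */
    *out = pixels * bpp;
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions: the true size is about 4 GiB. */
    uint32_t w = 0x10000u, h = 0x4001u, bpp = 4u, size = 0;

    printf("unchecked size: %u bytes\n", (unsigned)buffer_size_unchecked(w, h, bpp));
    if (buffer_size_checked(w, h, bpp, &size) != 0)
        printf("checked: dimensions rejected, size overflows 32 bits\n");

    /* An ordinary 1920x1080 RGBA image passes the checks unchanged. */
    if (buffer_size_checked(1920u, 1080u, 4u, &size) == 0)
        printf("checked size for 1920x1080x4: %u bytes\n", (unsigned)size);
    return 0;
}
```

A buffer allocated from the wrapped value would be far smaller than the data later written into it, which is why the checked form refuses the request instead of returning a size.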