Google has released urgent Chrome security updates to fix an actively exploited zero-day flaw in its Chrome web browser.

The released security updates are for Google Chrome users on Windows, macOS, and Linux, which include zero-day vulnerability:

• CVE-2023-2136: is a high-severity integer overflow vulnerability in Skia, a Google-owned open-source multi-platform 2D graphics library written in C++.

Security Risks

Successful exploitation of the identified vulnerabilities, in outdated Chrome browser version, could allow a remote attacker exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches.

The released software versions to upgrade to are:

• Chrome 112.0.5615.137/138 for Windows

• Chrome 112.0.5615.137 for Mac

• Chrome 112.0.5615.165 for Linux

2. Before performing any update tasks, ensure that you have a backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009

References

Stable Channel Update

Chrome Releases