Recently, Google has confirmed the discovery of 4 serious security holes in the Chrome browser. Among them is a vulnerability that was first discovered with the symbol CVE-2023-2136, which has never been reported before (zero-day). Therefore, Google issued an urgent warning to 3 billion users about the security hole and asked to immediately update the new version.
CVE-2023-2136 targets “integer overflow in Skia” – the graphics engine for Chrome, not the browser’s Javascript V8 engine like other common vulnerabilities.
When an integer value is incremented too large, beyond the storage capacity, an integer overflow occurs, which compromises security and can be exploited.
Google’s threat analysis team, until discovered there is no sign that bad guys have exploited CVE-2023-2136.
Currently, Google has released a new version of Chrome that fixes CVE-2023-2136 along with 3 other critical vulnerabilities.
To update to a new version of Chrome, users click on the menu bar of additional items (three vertical dots) in the top right corner of the browser, -> click Help -> About Google Chrome to request Chrome check for browser updates.
Finally, you restart your browser after the update is complete, for full protection. Google regularly publishes zero-day vulnerabilities in their products. This makes many people think that Chrome is less secure, but the opposite result is making this browser even more secure.