
Google Chrome zero-day flaw CVE-2023-2136 exploited by attackers

Today, Google released emergency fixes to address a high-severity zero-day flaw that is being actively exploited. The flaw, CVE-2023-2136, is an integer overflow in Skia, an open-source 2D graphics library. Google's Threat Analysis Group (TAG) discovered and reported the flaw on April 12, 2023. According to the National Vulnerability Database (NVD), "Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page." This is the second Chrome zero-day vulnerability to be exploited by malicious actors this year.

Google recommends that users upgrade to version 112.0.5615.137 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as they become available.

