Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerability in Google Chrome
Alerts

Active Exploitation of Zero-Day Vulnerability in Google Chrome

20 April 2023

Google has released a security update to address a zero-day vulnerability (CVE-2023-2136) in Skia, a Google-owned open-source multi-platform 2D graphics library written in C++. The vulnerability is reportedly being actively exploited.

Successful exploitation of the integer vulnerability could lead to incorrect rendering, memory corruption, and arbitrary code execution, allowing attackers to gain unauthorised system access.

Users of Chrome browsers are advised to upgrade their browser to version 112.0.5615.137 for macOS and versions 112.0.5615.137/138 for Windows as soon as possible. 

Users are also encouraged to enable automatic updates in Chrome browser to ensure that their software is updated promptly.

More information is available here:

https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

https://www.bleepingcomputer.com/news/security/google-patches-another-actively-exploited-chrome-zero-day/

Back to top