It was only a few days ago when Google pushed out anemergency update to Chromefor Mac that fixed a exposure that was actively exploited . Less than a calendar week after , a second update has arrivedto fix another flaw that subsist in the wild .
The 112.0.5615.137 update for Chrome for Mac fixes eight security flaws , including at least one that may have been actively exploited . That exposure ( CVE-2023 - 2136 ) is described as an whole number overflow in Skia and is listed as a high - risk bug . Unlike Apple ’s surety update , Google does n’t disclose how the flaw was fixed .
Four other flaws are also outlined in the web log post on Google ’s Chrome Releases site :
CVE-2023 - 2133 : Out of bounds memory board access in Service Worker API . Reported by Rong Jian of VRI on 2023 - 03 - 30
CVE-2023 - 2134 : Out of bound retention access in Service Worker API . Reported by Rong Jian of VRI on 2023 - 03 - 30
CVE-2023 - 2135 : Use after free in DevTools . Reported by Cassidy Kim(@cassidy6564 ) on 2023 - 03 - 14
CVE-2023 - 2137 : Heap cushion overflow in sqlite . Reported by Nan Wang(@eternalsakura13 ) and Guang Gong of 360 Vulnerability Research Institute on 2023 - 04 - 05
All of the flaws are listed as “ high ” risk except for CVE-2023 - 2137 , which has a “ medium ” risk . In all , there are eight security localisation . Google says the update should be roll to all user “ over the coming days / weeks . ”
To update Chrome , snap on the Chrome computer menu , thenAbout Chrome . stop the version identification number to see if it ’s been updated to v112.0.5615.137 . If not , wait for the update to download and clickRelaunch .
For more advise about staying dependable on your Mac read : How unassailable is a Mac and are Macs really more secure than Windows?and10 ways to protect your Mac from malware and theft .
