Just a few days ago, Google released an emergency update to Chrome for Mac that fixed an actively exploited vulnerability. Less than a week later, a second update arrived to fix another flaw for which an exploit exists in the wild.
Update 112.0.5615.137 for Chrome for Mac fixes eight security flaws, at least one of which may have been actively exploited. This vulnerability (CVE-2023-2136) is described as an integer overflow in Skia and is listed as a high-risk bug. Unlike Apple’s security updates, Google does not disclose how the flaw was fixed.
Four other flaws are also described in the blog post on the Google Chrome Releases site:
CVE-2023-2133: Memory access out of bounds in Service Worker API. Reported by VRI’s Rong Jian on 2023-03-30
CVE-2023-2134: Memory access out of bounds in Service Worker API. Reported by VRI’s Rong Jian on 2023-03-30
CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim (@cassidy6564) on 2023-03-14
CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05
All flaws are listed as “high” risk, except for CVE-2023-2137, which is “medium” risk. In all, there are eight security patches. Google says the update should be released to all users “over the next few days/weeks.”
To update Chrome, click on the Chrome menu, then About Chromium. Check the version number to see if it has been updated to v112.0.5615.137. If it has not, wait for the update to download, then click to restart.
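To run the same version check from a terminal, for instance across several Macs, the script below compares the installed build with the fixed one. It is an added example, not from the article or from Google; the install path, the use of PlistBuddy and all function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the article: audit a Mac's Chrome build against the fix.
FIXED_VERSION="112.0.5615.137"   # fixed build named in the article
# Assumption: default install location of Google Chrome on macOS.
CHROME_PLIST="/Applications/Google Chrome.app/Contents/Info.plist"

# is_version STR: true when STR is dotted decimal such as 112.0.5615.137.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# version_ge A B: true when dotted version A is greater than or equal to B.
# Components are compared as numbers, so 137 ranks above 50.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
        case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# chrome_status VERSION: prints patched, outdated, or unknown (unparseable input).
chrome_status() {
    if ! is_version "$1"; then echo "unknown"
    elif version_ge "$1" "$FIXED_VERSION"; then echo "patched"
    else echo "outdated"
    fi
}

# installed_chrome_version: prints the version from the app bundle, fails if absent.
installed_chrome_version() {
    [ -f "$CHROME_PLIST" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$CHROME_PLIST" 2>/dev/null
}

installed=$(installed_chrome_version) || installed=''
echo "Chrome ${installed:-not found}: $(chrome_status "$installed")"
```

A build that reports "outdated" after the update has downloaded usually means the browser has not yet been restarted.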
For more tips on keeping your Mac secure, read: How secure is a Mac and are Macs really more secure than Windows? and 10 ways to protect your Mac from malware and theft.