The 112.0.5615.137 update for Chrome for Mac fixes eight security flaws, including at least one that may have been actively exploited. That vulnerability (CVE-2023-2136) is described as an integer overflow in Skia and is listed as a high-severity bug. Unlike Apple’s security updates, Google doesn’t disclose how the flaw was fixed.
Four other flaws are also outlined in the blog post on Google’s Chrome Releases site:
CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim (@cassidy6564) on 2023-03-14
CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05
All of the flaws are listed as “high” severity except for CVE-2023-2137, which has a “medium” severity. In all, there are eight security fixes. Google says the update will be rolling out to all users “over the coming days/weeks.”
To update Chrome, click on the Chrome menu, then About Chrome. Check the version number to see if it’s been updated to v112.0.5615.137. If not, wait for the update to download and click Relaunch.
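The same version check can be scripted for Macs you manage. The following is an added example, not from Google or the original article; it assumes Chrome is installed at the default `/Applications` path, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether a Chrome build is at or above the fixed version.
FIXED_VERSION="112.0.5615.137"   # fixed build named in the article
# Assumption: default Chrome install location on macOS.
CHROME_PLIST="/Applications/Google Chrome.app/Contents/Info.plist"

# is_version S: succeed only if S is dot-separated decimal numbers.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# version_ge A B: succeed if A >= B, comparing each component numerically.
# A plain string compare would wrongly rank 5615.99 above 5615.137.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the component just read; clear the string when no dot remains.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}     # a missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# chrome_status VERSION: print patched, outdated, or unknown.
chrome_status() {
    if ! is_version "$1"; then echo unknown
    elif version_ge "$1" "$FIXED_VERSION"; then echo patched
    else echo outdated
    fi
}

# Read the on-disk version from the app bundle (macOS only).
installed_chrome_version() {
    [ -f "$CHROME_PLIST" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$CHROME_PLIST"
}

# Run with --audit on a Mac to check the local install.
if [ "${1:-}" = "--audit" ]; then
    chrome_status "$(installed_chrome_version 2>/dev/null)"
fi
```

The bundle version reflects what is on disk; a browser that was already running keeps the old code loaded until it is relaunched, which is why the Relaunch step matters.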