- 92/2023
- High
Google has released an updated Chrome version (112.0.5615.137/138) for Windows and (112.0.5615.137) for Mac to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code on the system, or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage.
Sample of the addressed vulnerabilities:
1. Google Chrome Code Execution Vulnerability (CVE-2023-2133):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome Integer Overflow Vulnerability (CVE-2023-2136):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
It should be highlighted that Google is aware that an exploit for “CVE-2023-2136” exists in the wild.
Vulnerabilities
- CVE-2023-2133
- CVE-2023-2134
- CVE-2023-2135
- CVE-2023-2136
- CVE-2023-2137
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.