Google has released another security update for Chrome 112 for Windows, Linux, and Mac to address the second high-severity zero-day vulnerability in a week's time. The update addresses a total of 8 vulnerabilities, the most severe of which could lead to arbitrary code execution. This could give an attacker full system access and, depending on the privileges of the compromised, user allow them access to installed programs and compromise sensitive data. We have added a new report to your Lansweeper installation to help you find potentially vulnerable installs of Google Chrome.
Chrome 112 Vulnerability CVE-2023-2136
The new security update includes 8 security fixes. The most important one is for an integer overflow vulnerability in Skia, a Google-owned open-source multi-platform 2D graphics library. The issue, tracked as CVE-2023-2136, could lead to arbitrary code execution in the context of the logged-on user. This would allow them to install programs; view, change, or delete data; or create new accounts with full user rights, depending on the privileges associated with the compromised user. There are already reports of this issue being exploited in the wild.
Update Vulnerable Google Chrome Installations
As always, Google is not releasing any further details about the vulnerability in Chrome 112 yet. This way they hope to prevent further exploitation until a majority of users have had a chance to update to the fixed version. You are advised to update all Google Chrome installations to the new version as soon as possible. That is 112.0.5615.137/138 for Windows, 112.0.5615.137 for Mac, and 112.0.5615.165 for Linux. You can find more information about the security update on Google's release page.
Discover Vulnerable Chrome Installs
Our team has put together a report to help you locate any vulnerable Google Chrome installations. It gives you a list of all computers in your network that are not running the latest version of Chrome 112 yet. This way you have an actionable list of installs that are still at risk and you can take action accordingly. You can get to the report via the link below.