Just a few days ago, Google released an emergency update to Chrome for Mac that fixed a vulnerability that was being actively exploited. Less than a week later, there’s a second update to fix another bug in the wild.
The 112.0.5615.137 update to Chrome for Mac fixes eight security flaws, including at least one that may have been actively exploited. That vulnerability (CVE-2023-2136) is described as an integer overflow in Skia and is listed as a high-risk bug. Unlike Apple’s security updates, Google doesn’t disclose how the flaw was fixed.
Four other flaws are also described in the blog post on Google’s Chrome Releases site:
CVE-2023-2133: Out-of-bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 3/30/2023
CVE-2023-2134: Out-of-bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 3/30/2023
CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim (@cassidy6564) on 3/14/2023
CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 05/04/2023
All flaws are listed as “high” risk, except CVE-2023-2137, which has “medium” risk. There are eight security fixes in total. Google says the update should roll out to all users “in the coming days/weeks”.
To update Chrome, click the Chrome menu and then click About Chrome. Check the version number to see if it has been updated to v112.0.5615.137. If not, wait for the update to download and click Restart.
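The same version check can be scripted for Macs you administer. This is an added example, not code from Google or from the article; it assumes Chrome is installed at the default /Applications path and that the bundle's CFBundleShortVersionString holds the full four-part version, and the helper names version_ge and status_for are made up for the example.

```shell
#!/bin/sh
# Added example: report whether the Chrome build on disk is at or above
# the fixed version named in the article.
FIXED="112.0.5615.137"

# version_ge A B: succeed when dotted version A >= B.
# Each field is compared as a number, so 49 < 137 (a string compare gets this wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}                      # leading field of each version
        [ "$a" = "$fa" ] && a="" || a=${a#*.}         # drop that field from A
        [ "$b" = "$fb" ] && b="" || b=${b#*.}         # drop that field from B
        fa=${fa:-0}; fb=${fb:-0}                      # a missing field counts as 0
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0                                          # all fields equal
}

# status_for VERSION: print "patched", "outdated" or "unknown".
status_for() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;       # empty or not a dotted number
    esac
    if version_ge "$1" "$FIXED"; then echo patched; else echo outdated; fi
}

# Assumed default install location; adjust for per-user installs.
PLIST="/Applications/Google Chrome.app/Contents/Info.plist"
if [ -f "$PLIST" ]; then
    v=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$PLIST" 2>/dev/null || true)
    echo "Chrome ${v:-?}: $(status_for "$v")"
fi
```

The script reads the version of the app bundle on disk; a Chrome process that was already running keeps the old code until it is restarted, which is why the Restart step above still matters.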