Previously unknown security vulnerabilities have been discovered in the Chrome browser. Google warns 3 billion users to update to the new version immediately.
Users need to update Chrome immediately. Photo: Security Week
In a blog post on April 18, Google confirmed the discovery of four serious security vulnerabilities in the Chrome browser. One of them, CVE-2023-2136, is a zero-day: a vulnerability discovered for the first time and never announced before.
Unlike other recent zero-day vulnerabilities, CVE-2023-2136 does not target the browser’s V8 JavaScript engine. Google identified the issue as an “integer overflow in Skia,” the graphics engine for Chrome.
An integer overflow occurs when an integer value is increased so much that it exceeds the capacity of the storage allotted to it, which compromises security and can potentially be exploited.
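To make the definition concrete, here is an added example (not from the original article, and not Skia's code or the actual CVE-2023-2136 bug) of the general bug class in a graphics setting: a pixel-buffer size computed in 32 bits wraps to a small number, so a buffer allocated from it would be far too small for the image. The function names and dimensions are constructed for illustration, and the checked variant shows the usual fix of rejecting sizes that do not fit.

```c
/* Added illustration: generic pixel-buffer size math, not Skia code. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked: the product is reduced modulo 2^32, so a huge image can
 * yield a small byte count. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked: do the math in 64 bits and reject any result that does not fit
 * the 32-bit size field. *out is left untouched on failure. */
bool image_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                         uint32_t *out)
{
    uint64_t total = (uint64_t)width * height;  /* always fits in 64 bits */
    if (total > UINT32_MAX)
        return false;
    total *= bpp;                               /* both factors < 2^32 */
    if (total > UINT32_MAX)
        return false;
    *out = (uint32_t)total;
    return true;
}

int main(void)
{
    /* Constructed dimensions: true size is 4,295,032,832 bytes. */
    uint32_t w = 0x10001u, h = 0x10000u, bpp = 1u, size = 0;

    printf("unchecked size: %" PRIu32 " bytes\n",
           image_bytes_unchecked(w, h, bpp));
    if (!image_bytes_checked(w, h, bpp, &size))
        puts("checked: rejected, size does not fit in 32 bits");

    if (image_bytes_checked(1920u, 1080u, 4u, &size))
        printf("checked 1920x1080x4: %" PRIu32 " bytes\n", size);
    return 0;
}
```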
Google's threat analysis team discovered the new vulnerability, but no patch was available before the first reports of CVE-2023-2136 being exploited.
In the official announcement, Google released a new version of Chrome that patches CVE-2023-2136 along with three other critical vulnerabilities.
To trigger the update, users need to click the menu button (three vertical dots) in the top right corner of the browser, then click Help > About Google Chrome.
This will prompt Chrome to check for browser updates. Once the update is complete, restart your browser to be fully protected.
A day after releasing the patch, enough time for most users to update their browsers, Google released more technical details about the vulnerabilities.
According to Forbes, Google is a company that regularly discloses zero-day vulnerabilities in its products. Many people may think that this activity makes Chrome less secure. However, the opposite is true.
Chrome is based on the Chromium engine, as are many other competing browsers. Similar security vulnerabilities affect all of these variants, but only Google discloses them consistently.
According to Zing