Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year.

"Google is aware that an exploit for CVE-2023-2136 exists in the wild," reads the security bulletin from the company.

The new version is 112.0.5615.137 and fixes a total of eight vulnerabilities. The stable release is available only for Windows and Mac users, with the Linux version to roll out "soon," Google says.

To manually update Chrome to the latest version, which addresses the actively exploited security issue, open the Chrome settings menu (upper right corner) and select Help → About Google Chrome.

Otherwise, the updates are installed the next time the browser starts without requiring user intervention. Relaunching the application is required to complete the update.

CVE-2023-2136 is a high-severity integer overflow vulnerability in Skia, a Google-owned open-source multi-platform 2D graphics library written in C++.

Skia provides Chrome with a set of APIs for rendering graphics, text, shapes, images, and animations, and it is considered a key component of the browser's rendering pipeline.

Integer overflow bugs occur when an operation results in a value that exceeds the maximum for a given integer type, often leading to unexpected software behavior or security implications.

In the context of Skia, it might lead to incorrect rendering, memory corruption, and arbitrary code execution that leads to unauthorized system access.
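The general bug class described above, shown as an added illustration: this is not Skia's code and not the CVE-2023-2136 flaw itself, whose details the article does not give. The function names and the image dimensions are hypothetical, constructed to show a 32-bit size calculation wrapping to a small value beside a variant that rejects it.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical helper: size of a pixel buffer computed in 32-bit arithmetic.
// Unsigned multiplication wraps modulo 2^32 without raising any error.
uint32_t unchecked_buffer_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel) {
    return width * height * bytes_per_pixel;
}

// Multiply with an explicit overflow check; returns false instead of wrapping.
bool checked_mul(uint32_t a, uint32_t b, uint32_t* out) {
    if (a != 0 && b > std::numeric_limits<uint32_t>::max() / a) {
        return false;
    }
    *out = a * b;
    return true;
}

// Hardened variant: reject dimensions whose byte count does not fit the type.
bool checked_buffer_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel,
                         uint32_t* out) {
    uint32_t pixels = 0;
    return checked_mul(width, height, &pixels) &&
           checked_mul(pixels, bytes_per_pixel, out);
}

int main() {
    // Constructed dimensions: the true size is 4,295,229,440 bytes,
    // which does not fit in 32 bits.
    const uint32_t w = 0x10000, h = 0x4001, bpp = 4;
    uint32_t size = 0;
    std::printf("unchecked: %u bytes\n",
                static_cast<unsigned>(unchecked_buffer_size(w, h, bpp)));
    std::printf("checked:   %s\n",
                checked_buffer_size(w, h, bpp, &size) ? "ok" : "rejected");
    return 0;
}
```

A buffer allocated from the wrapped value would be far smaller than the data later written into it, which is how an arithmetic error becomes memory corruption.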

The vulnerability was reported by Clément Lecigne of Google's Threat Analysis Group (TAG) earlier this month.

Bleeping Computer