Google fixes zero day in Chrome again, for the second time in a week

Google has fixed a zero-day in Chrome for the second time in a short period. The vulnerability is an integer overflow in Skia's text rendering that allowed a sandbox escape. Google says an exploit for it has been used in the wild.

Google has implemented the bug fix in Chromium. For Chrome, the fix is in the stable channel, in builds 112.0.5615.137/138 for Windows and 112.0.5615.137 for macOS. The update fixes a total of eight vulnerabilities. Five of these were reported by outside researchers. One of them was the zero-day.

The zero-day is tracked as CVE-2023-2136, an integer overflow in the Skia repository. Skia is an engine used in Chromium for rendering text. The vulnerability is rated high risk. According to Google, an attacker can escape the sandbox with an exploit on a specially crafted HTML page. Many of the other fixed bugs are also rated high risk. These include two out-of-bounds memory vulnerabilities that were present in the Service Worker API and a use-after-free in the developer tools.

As usual, Google does not provide any additional information about how the vulnerability was exploited in the wild. This is the second time in a short period that the company has fixed an actively exploited bug in the popular browser. The same thing happened on Saturday, and it is not known whether there is a connection between the two flaws.
