Google has pushed out an update for its Chrome browser to patch up a serious vulnerability.
This is a fix for a zero-day security flaw (CVE-2023-2136), so it's been deployed in a fair old hurry by Google, which acknowledged that it was aware that an exploit for the vulnerability exists in the wild (meaning malicious actors out there have already leveraged this flaw to their advantage).
Bleeping Computer reports that running the new version of Chrome, 112.0.5615.137 (or 138), ensures that this problem is cured, and indeed a bunch of other vulnerabilities - eight of them in total.
One thing to be aware of here is that the fixes are now in place for those running Windows and Mac systems, but not Linux. The latter platform will be addressed soon, we're told, and given the now wide knowledge of the flaw, we'd imagine Google won't hang about.
If you want to make sure the patch is applied now, head to Chrome, go into Settings, and then select About Chrome at the bottom of the left-side menu. At that point, Chrome will update itself to the latest version (if it hasn't already - if it has done so, you'll see that it says you're running 112.0.5615.137/138).
Note that after the update process has finished, you'll need to close the browser and reopen it for the change to be applied. At any rate, even if you don't check in Settings, Chrome will update itself automatically when you shut it down (if a new version of the browser is available, of course).
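The same check can be run across many machines at once. The following is an added example, not code from the article or from Google: it compares version strings, as shown on the About Chrome page, against the fixed build named above. The host names, inventory rows and status labels are constructed for illustration.

```python
import re

# Fixed build named in the article for Windows and Mac. The article gives no
# fixed build for Linux yet, so Linux hosts are reported separately.
PATCHED = {"windows": (112, 0, 5615, 137), "mac": (112, 0, 5615, 137)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    minimum = PATCHED.get(platform.lower())
    if minimum is None:
        return "no-fix-listed"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "112.0.5615.99" above "112.0.5615.137".
    return "patched" if version >= minimum else "vulnerable"


# Constructed inventory rows (host, platform, version string); not real data.
INVENTORY = [
    ("ws-01", "windows", "Version 112.0.5615.138 (Official Build) (64-bit)"),
    ("ws-02", "windows", "112.0.5615.121"),
    ("mb-01", "mac", "Version 112.0.5615.137 (Official Build) (arm64)"),
    ("mb-02", "mac", "112.0.5615.99"),
    ("lx-01", "linux", "112.0.5615.121"),
    ("ws-03", "windows", "unknown"),
]


def report(rows):
    """Map each host name to its patch status."""
    return {host: classify(platform, text) for host, platform, text in rows}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

A machine only counts as patched once the browser has been restarted, so the version string should be collected from the running browser rather than from the installer on disk.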
This is a bit embarrassing for Google seeing as this new flaw is not the first zero-day to blight its browser this month. Indeed, just last week there was another zero-day that reared its ugly head and needed an emergency patch to be dealt with (that was CVE-2023-2033).
All in all, then, it's not been a great past week for Chrome on the security front. We haven't yet had the full details spilled on either of these flaws, or how they might have been exploited, because as Google reminds us: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix."
Obviously the company doesn't want to arm any parties interested in these flaws for the wrong reasons with any information that could prove useful, because that would be quite an own goal.
Hopefully that's the last zero-day we'll see hit Chrome for some time, but we wouldn't bank on it. That's two zero-days so far for 2023, but last year, Google's browser witnessed nine of them.