Home / Threat Intelligence bulletins / Patch released for exploited Google Chrome zero-day vulnerability

Target Industry

Indiscriminate, opportunistic targeting.


Google has released a security patch for an exploited zero-day vulnerability, tracked as CVE-2023-2136, which is a high-severity integer overflow vulnerability in Skia, Google’s open-source 2D graphics library.

Integer overflow flaws arise when an operation results in a value that exceeds the maximum for a given integer type.


Successful exploitation of CVE-2023-2136 could allow a remote threat actor to perform a sandbox escape via a crafted HTML page. This could result in memory corruption and code execution, ultimately leading to target system access.

Vulnerability Detection

Google has released the required security patch for the vulnerability of the respective product version. As such, previous versions are vulnerable to potential exploit.

Affected Products

– Google Chrome prior to 112.0.5615.137

Containment, Mitigations & Remediations

It is strongly recommended that Google Chrome users update to version 112.0.5615.137. It should be noted that this update is only available for Windows and macOS system users. Google has stated that the Linux version will be released in due course.

To initiate the Chrome update procedure, navigate to the “Chrome settings” > select “Help”. select “About Google Chrome”. If this is not performed manually. To complete the update requires relaunching the application.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available at this time.

Threat Landscape

Google Chrome has a significant portion of the browser market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Google Chrome has become a prime target. Due to the fact that the Chrome browser has become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities contained within the product in an attempt to extract the sensitive data contained therein.

Google recently released an additional Chrome update which addressed CVE-2023-2033, making this vulnerability the second actively exploited vulnerability in the Chrome browser in 2023.

Threat Group

No attribution to specific threat actors or groups have been identified at the time of writing.

Mitre Methodologies

TA0005 – Defense Evasion

TA0007 – Discovery

Defense Evasion and Discovery Technique:
T1497 – Virtualization/Sandbox Evasion

Further Information

Google Advisory

Intelligence Terminology Yardstick