Chrome gets its second emergency patch in a week
Resist the urge to push that update back, because this isn’t something that you should ignore. Like last week’s bug, it’s being actively exploited “in the wild,” according to Google’s post on the Chrome Releases page. (via Bleeping Computer). Unlike the other security bugs fixed in this update, which were reported by members of the Vulnerability Research Institute and paid out in $20,000 of total bug bounties, the critical flaw was discovered by Clément Lecigne of Google’s Threat Analysis Group.
It’s been exactly one week since the CVE-2023-2136 bug was identified, which is a pretty good turnaround for a company that’s larger in dollar terms than several countries. Details on exactly how the bug is being exploited aren’t available — presumably Google doesn’t want anyone else joining in on whatever they’ve seen happening in the wild.