Chrome 内核浏览器紧急发布了高危漏洞通知。
谷歌发出紧急警告,要求立即更新浏览器,以避免 0day 漏洞的攻击。这种 0day 漏洞已经在互联网攻击中被发现,影响 Chrome 浏览器,攻击者可以远程控制用户的系统。这个漏洞被分类为高危安全漏洞,影响Windows、macOS 和 Linux 系统上所有版本的 Chrome 内核浏览器。包括但不限于 Chrome、Microsoft Edge、Brave Browser、Arc Browser 等。
稳定版的 Windows 版本已更新到 112.0.5615.137/138,Mac 版本已更新到 112.0.5615.137,Linux 版本已更新到 112.0.5615.165。请尽快更新浏览器版本。
以下是 CVE 漏洞编号
[$8000][1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
[$8000][1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
[$3000][1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
[$NA][1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12
[$1000][1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05
漏洞披露的细节请参考 issue