Hat Tip: howtogeek.com Another Zero-Day Vulnerability Is Plaguing Chrome
Google is rolling out an emergency update for the Chrome browser on Windows and Mac. To fix a zero-day vulnerability CVE-2023-2136 the vulnerability is identified as severe. The exploit escapes the Skia (Chrome’s graphics engine) and can compromise/attack the Chrome browser. On Linux program files are by best practice not writable by a user other than root, which should require a password. Using root for normal usage is not recommended on Linux, and can open up vulnerabilities.
This is the second zero-day vulnerability this week that Chrome has had to respond to. Get the update now if you are on Windows and Mac. A Linux and or Chromebook update may roll out soon.
Get the update on Windows and Mac by going to the three-dot drop-down menu and Help, About Chrome. On Linux you should need to, (because of security policies on Linux), use sudo apt update followed by sudo apt upgrade, on your terminal screen to update your version of Chrome.
Web Sites need to be diligent
While this Zero-Day vulnerability should not affect Linux systems, the vulnerability is spread from HTML pages. Websites need to maintain security as to what HTML is posted on their sites, and use Clamav to catch and remove viruses that harm others.