To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued multiple security vulnerabilities about Chrome browser, among which the (CVE-2023-2136) vulnerability has been exploited . Attackers can use this vulnerability to induce users to open malicious links and execute the remote code. 

Related vulnerabilities

• CVE-2023-2133 & CVE-2023-2134

An out-of-bounds read vulnerability exists in the Server Worker API component. 

• CVE-2023-2135

A use-after-free vulnerability in DevTools component.

• CVE-2023-2136

An integer overflow vulnerability in Skia component.

• CVE-2023-2137

A heap-based buffer overflow vulnerability in Sqlite component.

Affected Products:

• Google Chrome version lower than 112.0.5615.137

For more details, please refer to: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

Mitigation
If the above-mentioned affected products are being used, please update the Google Chrome browser as soon as possible.

Steps to update Google Chrome browser

• Open your Google Chrome browser on your desktop.
• Click the three vertical dots in the upper right corner to open the dropdown menu.
• Select “Settings“.
• Click “About Chrome” on the left-hand sidebar.
• Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
• Restart the Chrome.

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office