Important Notice: Security vulnerabilities in the Google Chrome browser (updated on 21 April 2023)
Information Security Alert
To: All Users
As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google has recently disclosed multiple security vulnerabilities in the Chrome browser, one of which (CVE-2023-2136) has been exploited. Attackers can exploit this vulnerability by inducing users to open malicious links, and then execute remote code.
Related vulnerabilities
- CVE-2023-2133 & CVE-2023-2134
An out-of-bounds read vulnerability exists in the Service Worker API component.
- CVE-2023-2135
A use-after-free vulnerability exists in the DevTools component.
- CVE-2023-2136
An integer overflow vulnerability exists in the Skia component.
- CVE-2023-2137
A heap-based buffer overflow vulnerability exists in the SQLite component.
Affected Products:
- Google Chrome versions lower than 112.0.5615.137
For more details, please refer to: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Mitigation
If you are using any of the affected versions listed above, please update the Google Chrome browser as soon as possible.
Steps to update Google Chrome browser
- Open your Google Chrome browser on your desktop.
- Click the three vertical dots in the upper right corner to open the dropdown menu.
- Select “Settings”.
- Click “About Chrome” on the left-hand sidebar.
- Chrome will automatically check for updates, or you can click the “Update Google Chrome” button.
- Restart Chrome.
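To confirm on several machines that the update took effect, the affected-version rule above can be checked in a script. This is an added example, not part of the original notice; the host names and version strings are constructed, and versions are compared numerically because a plain string comparison misorders builds such as 112.0.5615.49.

```python
import re

# Fixed version stated in the notice: builds lower than this are affected.
FIXED = (112, 0, 5615, 137)

# Matches a four-part Chrome version anywhere in a line, e.g. the output of
# "google-chrome --version" or the text shown on the "About Chrome" page.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if below the fixed build, False if not, None if unparseable."""
    v = parse_version(text)
    if v is None:
        return None
    # Tuples compare part by part as numbers, so 49 < 137 and 99 < 112.
    return v < FIXED


def triage(inventory):
    """Map each host to 'UPDATE', 'OK' or 'UNKNOWN'."""
    labels = {True: "UPDATE", False: "OK", None: "UNKNOWN"}
    return {host: labels[is_affected(line)] for host, line in inventory.items()}


# Constructed sample inventory (hypothetical host names and collected output).
SAMPLE = {
    "lab-pc-01": "Google Chrome 112.0.5615.137",
    "lab-pc-02": "Google Chrome 112.0.5615.49",   # as text, "49" sorts after "137"
    "lab-pc-03": "Google Chrome 99.0.4844.84",    # as text, "99" sorts after "112"
    "lab-pc-04": "Google Chrome 113.0.5672.63",
    "lab-pc-05": "chrome: command not found",     # no version: needs a manual check
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN should be checked by hand through the “About Chrome” page rather than assumed to be patched.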
Should you have any enquiries, please feel free to contact the ICTO Help Desk.
ICTO Help Desk
Location: Room 2085, 2/F, Central Teaching Building (E5)
Telephone: 8822 8600
Email: icto.helpdesk@um.edu.mo
Information and Communication Technology Office