Multiple Vulnerabilities (CVE-2023-2133~CVE-2023-2137) Exist in Google Chrome, Microsoft Edge, Brave, and Vivaldi Could Allow for Arbitrary Code Execution

SECURITY ALERTS

Multiple Vulnerabilities (CVE-2023-2133~CVE-2023-2137) Exist in Google Chrome, Microsoft Edge, Brave, and Vivaldi Could Allow for Arbitrary Code Execution

DESCRIPTION:
Multiple vulnerabilities (CVE-2023-2133~CVE-2023-2137) exist in Google Chrome, Microsoft Edge, Brave, and Vivaldi which are based on Chromium. The vulnerabilities exist due to integer overflow, Out of Bounds Memory Read, Use After Free, and Heap Buffer Overflow. The vulnerability(CVE-2023-2136) is being actively exploited in the wild, a remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

AFFECTED RELEASES:
Google Chrome prior to 112.0.5615.137
Microsoft Edge prior to 112.0.1722.54
Brave prior to 1.50.121
Vivaldi prior to 6.0.2979.15

SOLUTION:
Upgrade to at least Google Chrome 112.0.5615.137 by following steps:
1. Open the Google Chrome browser.
2. Enter “chrome://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Chrome.
3. After Chrome is updated, click the “RELAUNCH” option to restart Chrome and complete the update.

Upgrade to at least Microsoft Edge 112.0.1722.54 by following steps:
1. Open the Microsoft Edge browser.
2. Enter “edge://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Edge.
3. After Edge is updated, click the “RELAUNCH” option to restart Edge and complete the update.

Upgrade to at least Brave 1.50.121 by following steps:
1. Open the Brave browser.
2. Enter “brave://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Brave.
3. After Brave is updated, click the “RELAUNCH” option to restart Brave and complete the update.

Upgrade to at least Vivaldi 6.0.2979.15 by following steps:
1. Open the Vivaldi browser.
2. Click Vivaldi menu button > Help > Check for Updates.
3. When an update is available, click on Install Update in the bottom right corner to complete updating Vivaldi.

REFERENCE:
1. https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html?m=1
2. https://www.cybersecurity-help.cz/vdb/SB2023042011
3. https://www.ithome.com.tw/news/156486
4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2136
5. https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
6. https://brave.com/latest/
7. https://vivaldi.com/blog/desktop/minor-update-6-0/