In less than a week, tech giant Google has had to issue two patches for its popular Chrome browser. The first patch was for a zero-day exploit in the Chrome browser. The second patch was for another Chrome zero-day exploit that Google reported on April 18th.

The new zero-day exploit was described as an integer overflow that appeared in the Skia open-source graphics platform in Google Chrome prior to version 112.0.5615.137. This vulnerability would let a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Google issued a stable channel update with eight security fixes to version 112.0.5615.137/138 for Windows and 112.0.5615.137 for Macs, which will roll out over the coming days. A patch for Linux will come a bit later.

Skia is an open-source 2D graphics library which delivers common APIs that work across a variety of hardware and software platforms. It serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and many other products.

An integer overflow can happen if a program performs a calculation and the true answer is larger than the available space. Such integer overflows can cause a program to use incorrect numbers and respond in unintended ways, which are then open to exploitation by attackers.

Chrome is the most broadly used web browser by a considerable margin, which makes it a natural target for threat actors.

Google has been quick to patch Chrome when issues come up. While it seems there have been a lot of Chrome vulnerabilities of late, it is part of the usual ebb and flow and not the result of long-term issues in Chrome.

Browser-based vulnerabilities are an attractive target for malicious actors, given that they are installed everywhere and used frequently.

Users are advised to update their Chrome browser to the latest version to protect against these vulnerabilities.