Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

April 15, 2023 | Ravie Lakshmanan | Zero-Day / Browser Safety

Google on Friday released an out-of-band update to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.

Tracked as CVE-2023-2033, the high-severity vulnerability is described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.

“Type obfuscation in V8 on Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit stack corruption via generated HTML pages,” according to the NIST National Vulnerability Database (NVD).

The tech giant acknowledged that “an exploit for CVE-2023-2033 exists in the wild,” but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262, four actively abused type confusion flaws in V8 that Google fixed in 2022.



Google closed a total of nine zero-days in Chrome last year. The development comes days after Citizen Lab and Microsoft disclosed the exploitation of a now-patched vulnerability in Apple iOS by a customer of a shadowy spyware vendor named QuaDream to target journalists, political opposition figures and NGO workers in 2021.

Users are advised to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to apply the fix when it becomes available.
