Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

News

Apr 15, 2023Ravie LakshmananZero-Day / Browser Security

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.

Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.

“Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to the NIST’s National Vulnerability Database (NVD).

The tech giant acknowledged that “an exploit for CVE-2023-2033 exists in the wild,” but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 – four other actively abused type confusion flaws in V8 that were remediated by Google in 2022.

UPCOMING WEBINAR

Master the Art of Dark Web Intelligence Gathering

Learn the art of extracting threat intelligence from the dark web – Join this expert-led webinar!

Save My Seat!

Google closed out a total of nine zero days in Chrome last year. The development comes days after Citizen Lab and Microsoft disclosed the exploitation of a now-patched flaw in Apple iOS by customers of a shadowy spyware vendor named QuaDream to target journalists, political opposition figures, and an NGO worker in 2021.

Users are recommended to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Leave a Reply

Your email address will not be published. Required fields are marked *