Google released out-of-band updates on Friday to fix an actively exploited zero-day vulnerability in its Chrome web browser, the first such flaw to be addressed since the start of the year.
The high-severity vulnerability, identified as CVE-2023-2033, is a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) is credited with reporting the vulnerability on April 11, 2023.
“Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a specially crafted HTML page,” according to the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST).
The tech titan acknowledged that “an exploit for CVE-2023-2033 exists in the wild,” but refrained from providing further technical details or indicators of compromise (IoCs) to prevent further exploitation by threat actors.
Google remedied four other actively exploited type confusion vulnerabilities in V8 in 2022: CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262.
Google closed nine zero-days in Chrome in the past year. The development comes days after Citizen Lab and Microsoft disclosed that customers of a clandestine spyware vendor named QuaDream exploited a now-patched vulnerability in Apple iOS to target journalists, political opposition figures, and an NGO worker in 2021.
Users are advised to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential security risks. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the updates as soon as they become available.