Google has released a fix for a previously unknown vulnerability called CVE-2023-2033. The company released on Friday notification about safety with a warning: “Google is aware that the CVE-2023-2033 exploit exists in the real world“.
Image source: Pixabay
Google has warned that hackers are actively exploiting a serious zero-day vulnerability in the software to target users. Currently, Google describes this as a “Type Confusion” error in the browser’s V8 JavaScript engine.
A type error is usually due to the software not validating the resource, which opens an opportunity for access to other processes in the program. This can include reading or writing memory outside of the usual bounds in program code. Therefore, the vulnerability could be particularly severe, especially when it comes to JavaScript, which is widely used on websites. Historically, hackers have used type confusion errors to run malicious code on computers, sometimes through a website or link.
Google discovered the flaw thanks to Clément Lecigne, a security researcher on the company’s threat intelligence team, which tracks elite hackers and discovers zero-day vulnerabilities.
The company’s patch ships in Chrome version 112.0.5615.121. A Chrome refresh button should appear in the top-right corner of the browser. Otherwise, click the About Chrome tab to get the update automatically, or visit the Google Support page (opens in a new window) to learn how to download the patches. CVE-2023-2033 is the first zero-day vulnerability found in Chrome this year.
Add Comment