Google on Friday released out-of-band updates to fix an actively exploited zero-day vulnerability in its Chrome web browser, the first such flaw to be fixed since the start of the year.
The high-severity vulnerability, tracked as CVE-2023-2033, has been identified as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.
“Type confusion in V8 in Google Chrome before 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to the National Vulnerability Database (NVD) of NIST.
The tech giant admitted that “an exploit for CVE-2023-2033 exists in the wild,” but it refrained from disclosing additional technical details or indicators of compromise (IoCs) to discourage threat actors from abusing the vulnerability.
CVE-2023-2033 also appears to be related to four other actively exploited type confusion flaws in V8 that Google fixed in 2022: CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262.
Google closed nine zero-days in Chrome last year.
The news comes days after Citizen Lab and Microsoft revealed that customers of the shady spyware vendor QuaDream used a since-patched flaw in Apple iOS to target journalists, members of the political opposition, and an employee of an NGO in 2021.
To reduce potential risk, users must update to version 112.0.5615.121 for Windows, macOS, and Linux. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to install the fixes as soon as they become available.