Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Apr 15, 2023 | Ravie Lakshmanan | Zero-Day / Browser Security

Google on Friday rolled out out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.

Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.

“Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to NIST’s National Vulnerability Database (NVD).

The tech giant acknowledged that “an exploit for CVE-2023-2033 exists in the wild,” but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 – four other actively abused type confusion flaws in V8 that were remediated by Google in 2022.

Google closed out a total of nine zero-days in Chrome last year. The development comes days after Citizen Lab and Microsoft disclosed the exploitation of a now-patched flaw in Apple iOS by customers of a shadowy spyware vendor named QuaDream to target journalists, political opposition figures, and an NGO worker in 2021.

Users are recommended to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
