Google releases an emergency update for a zero-day vulnerability in Chrome's V8 JavaScript engine that has already been exploited in attacks



On April 14, 2023, Google released an emergency update for a zero-day vulnerability in Google Chrome. With this update, Google has addressed CVE-2023-2033, a vulnerability rated as High severity.

Chrome Releases: Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html



Google Chrome emergency update fixes first zero-day of 2023

https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-first-zero-day-of-2023/



Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html



Of the two vulnerabilities that Google addressed in this update, the most important one is 'CVE-2023-2033' identified by Google's Threat Analysis Group (TAG).

This bug, found in 'V8', the open source JavaScript engine developed by Google, is called 'Type Confusion'.

Type confusion flaws typically let an attacker crash the browser by reading or writing memory beyond the bounds of a buffer, but threat actors can also exploit this flaw to execute arbitrary code on the targeted device.

According to the National Vulnerability Database, operated by the National Institute of Standards and Technology (NIST), 'A type confusion in V8 of Google Chrome prior to version 112.0.5615.121 can be exploited by a remote attacker via a specially crafted HTML page and can cause heap corruption.'



Google said, 'We are aware that the CVE-2023-2033 exploit exists in the wild,' and acknowledged that this vulnerability has already been exploited. However, technical details have been withheld to prevent further damage.

Chrome version 112.0.5615.121 for Windows, macOS, and Linux, which addresses 'CVE-2023-2033', has been released on the Stable Desktop channel and will be rolled out to all users in the coming days and weeks. You can also update manually from 'About Chrome' on the Chrome settings screen.



Since this vulnerability affects Chromium, the cybersecurity news site The Hacker News said, 'Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are recommended to apply the fix as soon as it is available.'

in Software, Security, Posted by log1l_ks