Google Chrome Zero-Day Bug Actively Exploited in the Wild


Google released new security updates for an actively exploited Chrome zero-day vulnerability that allows attackers to execute arbitrary code and take complete control of the system remotely. An exploit for the bug exists in the wild.

This is the first actively exploited zero-day Google has fixed this year. The fix ships as a stable and extended channel update in a new version, Chrome 112.0.5615.121, for Windows, Mac, and Linux.

In this update, Google issued a patch for 2 vulnerabilities, and the details remain undisclosed until most users get the patch.

CVE-2023-2033 is a type confusion vulnerability in V8, categorized as high severity. It was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. Lecigne found the same type of vulnerability (CVE-2022-4262) last year, and the patch was issued in December.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” Google says.

Chrome Zero-day Bug Details – CVE-2023-2033

A high-severity type confusion vulnerability in the V8 JavaScript engine affects all Chrome versions and allows attackers to exploit the bug remotely by executing arbitrary code.

Successful exploitation of this zero-day bug leads to browser crashes caused by reading or writing memory outside buffer bounds.

Type confusion in V8 in Google Chrome before 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

V8, the open-source Google JavaScript engine written in C++ that powers Chrome and other Chromium-based browsers, is an especially attractive target for attackers.

A type confusion vulnerability arises when code allocates or initializes a resource, such as a pointer, object, or variable, using one type but later accesses that resource using a type that is incompatible with the original type.

Technical details of CVE-2023-2033 will be available soon after most users get the patch.

“Access to bug details and links may be restricted until most users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed,” Google reports.

Update Now

Google strongly recommends that users update their Chrome web browser immediately to prevent exploitation. To update Chrome, follow these steps:

  • First of all, go to the Settings option.
  • Then select About Chrome.
  • Now you must wait, as Chrome will automatically fetch and download the latest update.
  • Then wait for the latest version to be installed.
  • Once the installation process completes, restart Chrome.
  • That’s it. Now you are done.
