On Friday, Google released an out-of-band update to resolve an actively exploited zero-day vulnerability in its Chrome web browser.
tracked as CVE-2023-2033high-severity vulnerabilities are type confusion problem With the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) reported this issue on April 11, 2023.
“Type confusion in V8 of Google Chrome prior to 112.0.5615.121 could allow a remote attacker to exploit heap corruption via a crafted HTML page.” according to To NIST’s National Vulnerability Database (NVD).
technology giant Admitted It states that โexploits for CVE-2023-2033 do exist,โ but did not go so far as to share additional technical details or indicators of compromise (IoCs) to prevent further exploitation by threat actors. bottom.
CVE-2023-2033 also appears similar to CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262. This is another of his four type confusion flaws actively exploited in V8 and fixed by Google. 2022.
Master the Art of Dark Web Intelligence Gathering
Learn the art of extracting threat intelligence from the dark web – join us for this expert-led webinar!
Google ended a total of nine zero days in Chrome last year. The development is expected in 2021 by Citizen Lab and Microsoft to expose the exploitation of a now-patched flaw in Apple iOS by a customer of a shadowy spyware vendor named QuaDream, to expose journalists, opposition figures, and NGOs. This comes just days after it revealed in 2021 that it had targeted workers in
We recommend upgrading to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply the fix as it becomes available.