Google on Friday produced out-of-band updates to resolve an actively exploited zero-working day flaw in its Chrome web browser, making it the to start with these kinds of bug to be resolved given that the begin of the year.
Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a kind confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Menace Assessment Team (TAG) has been credited with reporting the issue on April 11, 2023.
“Variety confusion in V8 in Google Chrome prior to 112..5615.121 permitted a distant attacker to possibly exploit heap corruption via a crafted HTML page,” according to the NIST’s National Vulnerability Databases (NVD).
The tech big acknowledged that “an exploit for CVE-2023-2033 exists in the wild,” but stopped quick of sharing added specialized particulars or indicators of compromise (IoCs) to prevent even further exploitation by risk actors.
CVE-2023-2033 also seems to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 โ four other actively abused sort confusion flaws in V8 that had been remediated by Google in 2022.
Impending WEBINARMaster the Art of Dark Web Intelligence Gathering
Master the art of extracting risk intelligence from the dark web โ Be part of this professional-led webinar!
Help save My Seat!
Google shut out a total of 9 zero times in Chrome final calendar year. The enhancement comes days soon after Citizen Lab and Microsoft disclosed the exploitation of a now-patched flaw in Apple iOS by consumers of a shadowy adware vendor named QuaDream to target journalists, political opposition figures, and an NGO employee in 2021.
Consumers are recommended to update to variation 112..5615.121 for Windows, macOS, and Linux to mitigate potential threats. Buyers of Chromium-dependent browsers these kinds of as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to implement the fixes as and when they grow to be available.
Identified this post fascinating? Adhere to us on Twitter ๏ and LinkedIn to browse more special information we article.
Some parts of this article are sourced from:
thehackernews.com