Google released an out-of-band update on Friday to resolve an actively exploited zero-day vulnerability in its Chrome web browser.
tracked as CVE-2023-2033, the high-severity vulnerability is described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) reported this issue on April 11, 2023.
According to NIST’s National Vulnerability Database (NVD), “V8 type confusion in Google Chrome prior to 112.0.5615.121 allows remote attackers to exploit heap corruption via crafted HTML pages.” I had a personality.”
Tech giant has admitted that “exploits for CVE-2023-2033 do exist,” but shares additional technical details or indicators of compromise (IoC) to prevent further exploitation by threat actors I didn’t reach it.
CVE-2023-2033 also appears similar to CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262. This is another of his four type confusion flaws actively exploited in V8 and fixed by Google. 2022.
Master the Art of Dark Web Intelligence Gathering
Learn the art of extracting threat intelligence from the dark web – join us for this expert-led webinar!
Save my seat!
Google ended a total of nine zero days in Chrome last year. The development is expected in 2021 by Citizen Lab and Microsoft to expose the exploitation of a now-patched flaw in Apple iOS by a customer of a shadowy spyware vendor named QuaDream, to expose journalists, opposition figures, and NGOs. This comes just days after it revealed in 2021 that it had targeted workers in
We recommend upgrading to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply the fix as it becomes available.
