Google issues fix for exploited Chrome bug

By on
Google issues fix for exploited Chrome bug

Google has issued a security update to handle an exploited zero-day vulnerability in Chrome, the first one for 2023.

Users should upgrade to Chrome version 112.0.5615.121 as soon as possible.

Indexed as Common Vulnerabilities and Exposures (CVE) 2023-2033, the bug is due to a type confusion issue in Chrome's V8 Javascript engine.

Type confusion can happen when a programmer's code doesn't verify the form of object that is passed to it, and uses it without checks.

Attackers can abuse type confusion bugs with specially crafted web pages, containing malicious Javascript code that executes when users visit sites.

The current vulnerability is being exploited, but Google provided no further details on where that has happened, or when.

Google's Threat Action Group (TAG) researcher Clément Lecigne is credited with having reported the bug on April 11.

Chrome is the world's most popular web browser, estimated to be used by anywhere from 2.7 billion to 3.2 billion people, and it runs on several different desktop and mobile operating systems.

Its underlying Chromium open source technology such as rendering engine is used by other software vendors such as Microsoft for its Edge web browser.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:
chrome google security vulnerability zeroday

Partner Content

How to 'sell' disaster recovery to CEOs
How to 'sell' disaster recovery to CEOs
AusCERT focuses on preventative action, lifting the knowledge of communities
AusCERT focuses on preventative action, lifting the knowledge of communities
2023 CRN Kickstarter Report
2023 CRN Kickstarter Report
How to give home and remote workers an equal voice in hybrid meetings
How to give home and remote workers an equal voice in hybrid meetings
MSPs must adopt an 'as a Service' business model or face oblivion
MSPs must adopt an 'as a Service' business model or face oblivion

Sponsored Whitepapers

ArrowSphere: The cloud delivery and management platform for powering digital growth
ArrowSphere: The cloud delivery and management platform for powering digital growth
Wasabi Focuses On Just One Thing: Providing the Best Cloud Storage Solution in the World
Wasabi Focuses On Just One Thing: Providing the Best Cloud Storage Solution in the World
How vulnerability scans identify & protect against cyberthreats before criminals locate them
How vulnerability scans identify & protect against cyberthreats before criminals locate them
Monitoring & automation: A primer for MSPs
Monitoring & automation: A primer for MSPs
Endpoint Detection and Response
Endpoint Detection and Response

Most Read Articles

Microsoft to enforce Teams Rooms device licenses

Microsoft to enforce Teams Rooms device licenses
Defence to refresh ICT services panel

Defence to refresh ICT services panel
MSPs must adopt an 'as a Service' business model or face oblivion

MSPs must adopt an 'as a Service' business model or face oblivion
Australian AWS partners take awards spotlight

Australian AWS partners take awards spotlight

Log In

Email:
Password:
  |  Forgot your password?