Security News > 2023 > April > Google Chrome emergency update fixes first zero-day of 2023
Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.
This update was immediately available when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.
Google TAG frequently discovers and reports zero-day bugs exploited in highly-targeted attacks by government-sponsored threat actors aiming to install spyware on devices of high-risk individuals, including journalists, opposition politicians, and dissidents worldwide.
While Google said it knows of CVE-2023-2033 zero-day exploits used in attacks, the company has yet to share further information regarding these incidents.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.
This will allow Google Chrome users to upgrade their browsers and block attack attempts until technical details are released, allowing more threat actors to develop their own exploits.
News URL
Related news
- Google Chrome to use on-device AI to detect tech support scams (source)
- Google Chrome to block admin-level browser launches for better security (source)
- Google Chrome's Built-in Manager Lets Users Update Breached Passwords with One Click (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)
- Google fixes high severity Chrome flaw with public exploit (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2023-2033 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |