Security News > 2023 > April > Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
2023-04-15 03:58

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.

Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine.

Clement Lecigne of Google's Threat Analysis Group has been credited with reporting the issue on April 11, 2023.

"Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the NIST's National Vulnerability Database.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 - four other actively abused type confusion flaws in V8 that were remediated by Google in 2022.

Google closed out a total of nine zero days in Chrome last year.


News URL

https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2023-2033 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject couchbase CWE-843
8.8
2022-12-02 CVE-2022-4262 Type Confusion vulnerability in Google Chrome
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-843
8.8
2022-11-01 CVE-2022-3723 Type Confusion vulnerability in Google Chrome
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-843
8.8
2022-07-26 CVE-2022-1364 Type Confusion vulnerability in Google Chrome
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
0.0
2022-07-23 CVE-2022-1096 Type Confusion vulnerability in Google Chrome
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4922 2872 1623 10411