Install this emergency update from Google to patch an actively exploited Chrome security flaw

Google logo on sticks

Google has issued an emergency update for Chrome which should be installed as soon as possible to plug a vulnerability known to be under active exploitation. The update is available for Windows, macOS and Linux.

In releasing Chrome v112.0.5615.121 for desktop to the stable channel, Google addresses the high severity CVE-2023-2033 as well as issuing other fixes. Described as a "type confusion in V8 in Google Chrome", CVE-2023-2033 is being exploited in the wild, hence the need for the emergency patch.

See also:

As the vulnerability is known to be under active exploitation at the moment, Google is being careful in not sharing details about the security flaw. The issue is being tracked as CVE-2023-2033, and while it is yet to be assigned a CVSS rating it is descried as being high severity.

The current description is:

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

In releasing Chrome v 112.0.5615.121, Google says:

This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$NA][1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2023-2033 exists in the wild.
As usual, our ongoing internal security work was responsible for a wide range of fixes:

[1433131] Various fixes from internal audits, fuzzing and other initiatives

You can make sure your version of the browser is completely patched and up-to-date by selecting Help > About Google Chrome from the three-dot menu.

Image credit: rozelt / depositphotos

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.