Google has released an emergency security update for the Chrome browser, warning its 3 billion users to install the patch as soon as possible. The update addresses a vulnerability that is being actively exploited in the wild, & is considered a “high” severity issue.
The vulnerability is a “type confusion” bug in the JavaScript engine for Chromium browsers using the V8 Javascript engine. Type confusion is a bug that allows memory to be accessed with the wrong type, which can allow for the reading or writing of memory out of bounds. An attacker could create an HTML page that allows the exploitation of heap corruption.
Google’s Threat Analysis Group (TAG) reported the vulnerability, known as CVE-2023-2033. While there is no Common Vulnerability Scoring System (CVSS) score attached to the vulnerability yet, Google is tracking it closely due to the active exploitation in the wild. The CVE page warns that an attacker could create an HTML page to exploit heap corruption, & that a successful attack could result in remote code execution.
In addition to the vulnerability, the update fixes several other unnamed issues. Users should update to version 112.0.5615.121, which will generally be done automatically. However, users can also manually check for updates by clicking the three dots menu in Chrome, clicking “Help,” & then “About Chrome.” With active exploitation of the vulnerability, it is crucial that users update their software to keep their data & computer secure.
