Google releases emergency patch for Chrome browser

Google has released an unscheduled update to address a zero-day vulnerability that is believed to be actively exploited by hackers in the Google Chrome browser. This is the first serious bug of 2023 in the world's largest browser.

The vulnerability, identified as CVE-2023-2033, was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) on April 11, 2023. Google TAG is a team of experts tasked with discovering and reporting zero-day vulnerabilities exploited in highly targeted attacks by state- sponsored threat actors.

The vulnerability is a high severity vulnerability described as a type confusion issue in the V8 JavaScript engine. A type confusion issue in V8 in Google Chrome browser prior to version 112.0.5615.121 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

While the bug typically allows attackers to cause browser crashes when successfully exploited by reading or writing out-of-bounds buffer data, it can also allow attackers to execute code on compromised devices. The high severity of the vulnerability has led Google to say that access to details of the bug will be limited until the majority of users are patched.

It is also possible that Google will continue to restrict access to this security flaw since it is also present in third-party libraries or projects that depend on JavaScript V8 and have not been patched.

Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they are released. To check for the latest version of Google Chrome, from your browser, go to Chrome > Help > About Google Chrome.