Google has just released an unscheduled update to address a zero-day vulnerability in the Google Chrome browser that is believed to have been actively exploited by hackers. This is the first serious bug of 2023 on the world's largest browser by market share.
The vulnerability, tracked as CVE-2023-2033, was reported by Clement Lecigne of Google's Threat Analysis Team (TAG) on April 11, 2023. Google TAG is a team of experts tasked with detecting and reporting zero-day vulnerabilities exploited in highly targeted attacks by government-sponsored threat actors.
The vulnerability is of high severity and is described as a type confusion issue in the V8 JavaScript engine. The type confusion in V8, found in Google Chrome browsers prior to version 112.0.5615.121, allows a remote attacker to potentially exploit a heap vulnerability through a crafted HTML page.
Users need to update their Chrome browser immediately.
While a vulnerability of this kind typically lets attackers crash the browser by reading or writing data outside the buffer limits, successful exploitation can also let hackers execute code on compromised devices. The high severity of this vulnerability led Google to state that access to the bug details will be restricted until the majority of users receive the patch.
Google may also continue to restrict access to the details if the vulnerability is present in third-party libraries or projects that depend on the V8 JavaScript engine and have not yet been patched.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they are released. To check for the latest version of Google Chrome, from your browser go to Chrome > Help > About Google Chrome.
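For administrators checking many machines rather than one, the following added example (not part of the original article or any Google tooling) triages browser version banners against the fixed Chrome build 112.0.5615.121 named above. The hostnames and inventory rows are constructed, and the banner format is assumed to match the output of `google-chrome --version`.

```python
import re

# Fixed Chrome build stated in the article for CVE-2023-2033.
FIXED_CHROME = (112, 0, 5615, 121)

# Matches a four-part Chromium-style version anywhere in a string.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(banner):
    """Classify one browser version banner."""
    version = parse_version(banner)
    if version is None:
        return "unparseable"
    if "google chrome" in banner.lower():
        # Tuples compare numerically per component, so .49 sorts below .121;
        # a plain string comparison would get this wrong.
        return "vulnerable" if version < FIXED_CHROME else "patched"
    # The article gives no fixed build for other Chromium-based browsers,
    # so they are flagged for a manual check against the vendor's release.
    return "check-vendor"


def triage_inventory(rows):
    """rows: iterable of (host, banner). Returns {status: [hosts]}."""
    report = {}
    for host, banner in rows:
        report.setdefault(triage(banner), []).append(host)
    return report


# Constructed sample inventory (hostnames and rows are made up for illustration).
SAMPLE = [
    ("ws-01", "Google Chrome 112.0.5615.49"),
    ("ws-02", "Google Chrome 112.0.5615.121"),
    ("ws-03", "Google Chrome 111.0.5563.147 "),
    ("ws-04", "Microsoft Edge 112.0.1722.39"),
    ("ws-05", "Google Chrome (version unknown)"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```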