Google Warns 3 Billion Chrome Users To Install This Emergency Security Patch ASAP
Posted to a bulletin on Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google’s own Threat Analysis Group (TAG). This vulnerability is a ‘type confusion’ bug in the JavaScript engine for Chromium browsers useing the V8 Javascript engine. In short, type confusion is a bug that allows memory to be accessed with the wrong type, allowing for the reading or writing of memory out of bounds. The CVE page says that an attacker could create an HTML page that allows the exploitation of heap corruption.
While there is no Common Vulnerability Scoring System (CVSS) score attached to the vulnerability yet, Google is tracking this as a “high” severity issue. This is likely due in part to the fact that “Google is aware that an exploit for CVE-2023-2033 exists in the wild.”
Beyond this vulnerability, several other unnamed issues were fixed with this update, so it would be wise to update to v112.0.5615.121. This will generally be done automatically, but users can also check for themselves to ensure they are protected. One can check for updates by clicking the three dots menu in Chrome in the top right corner, clicking “Help,” and then “About Chrome.”
Of course, everyone should be on the lookout for updates and patching their software as soon as possible, but this is a special case. With active exploitation of a vulnerability, Chrome users should check for an update now to keep their data and computer secure before agencies start issuing warnings.
