Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

On April 15, 2023, Google released an urgent update to its Chrome web browser to fix a zero-day vulnerability that was actively being exploited. This is the first such bug to be addressed this year. The vulnerability, tracked as CVE-2023-2033, is a high-severity issue and has been identified as a type of confusion problem in the V8 JavaScript engine. The bug was reported by Clement Lecigne of Google's Threat Analysis Group on April 11, 2023. The National Vulnerability Database (NVD) describes it as allowing a remote attacker to exploit heap corruption through a crafted HTML page. Google has acknowledged that the exploit for CVE-2023-2033 exists in the wild, but has not shared additional technical specifics or indicators of compromise to prevent further exploitation by threat actors. It is worth noting that CVE-2023-2033 shares similarities with four other actively abused type confusion flaws in V8 that were fixed by Google in 2022. Last year, Google closed out a total of nine zero-days in Chrome. Users are advised to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Chromium-based browser users are also advised to apply the fixes when available.