Date: 2023-04-18



Google has released a critical security update for Chrome to address a zero-day vulnerability targeted by an exploit that allows malicious code to run.

Google is urging users to upgrade Chrome to the new version 112.0.5615.121 as soon as possible. The updated version addresses vulnerabilities affecting Windows, Mac, and Linux systems, and the zero-day is listed as CVE-2023-2033 in the US National Vulnerability Database.

The company says the update will roll out to the stable desktop channel in the coming weeks.

The high-severity vulnerability is described by Google as a “type confusion” issue in the V8 JavaScript engine. V8 is Google’s open source JavaScript and WebAssembly engine.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in an April 14 statement.

NIST, the US Department of Commerce agency that maintains the National Vulnerability Database, has further elaborated on the CVE description of the vulnerability. According to NIST, type confusion in V8 of Google Chrome prior to 112.0.5615.121 could allow a remote attacker to exploit heap corruption via a crafted HTML page.

Google has not yet released full details about the vulnerability. Google said in a statement that access to bug details and links may continue to be restricted until the fix is available to the majority of users.

How to update Chrome

To update Chrome, click the overflow menu on the right side of the menu bar, select Help, and go to About Google Chrome. By default, Chrome automatically checks for browser updates and installs them. After the update is complete, users should restart their browsers.

Clement Lecigne of Google’s Threat Analysis Group identified this vulnerability and reported the issue on April 11th. In addition to fixing CVE-2023-2033, the Chrome update also fixes various issues found by internal audits and other initiatives, the company said.

This is the first zero-day vulnerability reported in Chrome this year. In December, Google released an update to Chrome after another type confusion vulnerability in V8 was identified.

According to an alert sent by cybersecurity firm NSFocus about Chrome’s December update, a type confusion error occurs when a program allocates or initializes a resource using a method of one type and then accesses that resource using another method, resulting in an out-of-bounds memory access. “By enticing a user to visit a specially crafted website, a remote attacker could ultimately execute arbitrary code or cause a denial of service on the system,” NSFocus said.

Last year, nine zero-day vulnerabilities were identified in Chrome.

According to a Synopsys report, the number of known open source vulnerabilities in 2022 increased by 4% from 2021. At least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers, and 48% of all code bases analyzed contained high-risk vulnerabilities.

Copyright © 2023 IDG Communications, Inc.

