• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
google releases urgent chrome update to fix actively exploited zero day

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

You are here: Home / General Cyber Security News / Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
April 15, 2023

Google on Friday unveiled out-of-band updates to solve an actively exploited zero-working day flaw in its Chrome web browser, generating it the very first this sort of bug to be dealt with considering that the start out of the 12 months.

Tracked as CVE-2023-2033, the large-severity vulnerability has been explained as a form confusion issue in the V8 JavaScript motor. Clement Lecigne of Google’s Risk Analysis Team (TAG) has been credited with reporting the issue on April 11, 2023.

“Kind confusion in V8 in Google Chrome prior to 112..5615.121 permitted a remote attacker to potentially exploit heap corruption through a crafted HTML site,” in accordance to the NIST’s Nationwide Vulnerability Database (NVD).

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The tech big acknowledged that “an exploit for CVE-2023-2033 exists in the wild,” but stopped limited of sharing additional complex particulars or indicators of compromise (IoCs) to avoid further more exploitation by danger actors.

CVE-2023-2033 also seems to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 – four other actively abused variety confusion flaws in V8 that were remediated by Google in 2022.

Impending WEBINARMaster the Art of Dark Web Intelligence Gathering

Find out the artwork of extracting menace intelligence from the dark web – Be a part of this specialist-led webinar!

Save My Seat!

Google closed out a complete of 9 zero times in Chrome final yr. The improvement comes days soon after Citizen Lab and Microsoft disclosed the exploitation of a now-patched flaw in Apple iOS by clients of a shadowy spyware vendor named QuaDream to concentrate on journalists, political opposition figures, and an NGO worker in 2021.

Customers are advised to up grade to version 112..5615.121 for Windows, macOS, and Linux to mitigate possible threats. End users of Chromium-based mostly browsers this kind of as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to use the fixes as and when they turn into offered.

Discovered this short article intriguing? Follow us on Twitter  and LinkedIn to go through much more unique content material we put up.


Some areas of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design
Next Post: New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers new zaraza bot credential stealer sold on telegram targeting 38 web»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.