Google has released an important update for its Chrome browser to address a high-severity type confusion vulnerability in the browser’s V8 engine. The flaw, designated CVE-2023-2033, affects versions of Google Chrome prior to the latest release, version 112.0.5615.121.
The vulnerability was described by the National Institute of Standards and Technology (NIST) as follows: “Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.” NIST has categorized this vulnerability as having a “high” severity level within Chromium’s security assessment.
Chrome users should upgrade to version 112.0.5615.121 as soon as possible by going to the Google Chrome menu -> Help -> About Google Chrome. The web browser will start the update immediately.
The vulnerability was initially reported by Clément Lecigne, a member of Google’s Threat Analysis Group, on April 11, 2023. Google has since confirmed that an active exploit for CVE-2023-2033 exists in the wild, making the prompt application of the update critical for users’ online safety.
While Google said it knows of CVE-2023-2033 zero-day exploits used in attacks, the company has yet to share further information regarding these incidents. In its statement, Google noted, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” As such, additional details surrounding the nature of the attacks may be withheld for the time being to ensure the security of users who have not yet updated their browsers.