Google releases security update for Chrome to fix zero-day bug


In response to the first zero-day vulnerability exploited in attacks since the beginning of the year, Google has released an emergency Chrome security update.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” Google said in a security advisory.

The new version is currently being rolled out to users in the stable desktop channel, and will eventually roll out to the full user base.

Chrome users will need to update to the new version as soon as possible as it fixes the CVE-2023-2033 vulnerability on Windows, Mac and Linux computers.

Users can check for updates by going to Chrome menu > Help > Google Chrome.

According to BleepingComputer, the high-severity zero-day vulnerability (CVE-2023-2033) is due to a high-severity type confusion vulnerability in the Chrome V8 JavaScript engine.

Clement Lesigne of Google’s Threat Analysis Group (TAG), whose primary mission is to protect Google customers from state-sponsored attacks, reported the bug.

Furthermore, the report mentions that despite Google claiming to have used its knowledge of the CVE-2023-2033 zero-day exploits in the attacks, the company has yet to provide further details.

“Access to the bug description and link may be restricted until the majority of users are updated with the fix,” Google was quoted as saying.

It added, “If the bug exists in a third-party library that other projects depend on, but has not yet been fixed, we will also uphold the sanctions.”


The post Google issues security update for Chrome to fix zero-day bug appeared first on Techlusive.

Read full article here

Leave a Reply