Headline
Update Chrome now! Google patches actively exploited flaw
Categories: Exploits and vulnerabilities Categories: News Tags: Google
Tags: Chrome zero-day
Tags: CVE-2023-2033
Tags: V8 flaw
Tags: V8
Google has released an updated version of Chrome to address a zero-day flaw that is being exploited in the wild.
(Read more…)
The post Update Chrome now! Google patches actively exploited flaw appeared first on Malwarebytes Labs.
Posted: April 17, 2023 by
In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser—the first in 2023—currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version 112.0.5615.121 immediately, as this flaw is present in Chrome versions before this one. Updating your browser can be done manually or automatically.
If you use other Chromium-based browsers, you may need to update them as well.
The vulnerability, tracked as CVE-2023-2033, is exploitable when a user visits a malicious webpage using an unpatched Chrome browser. The page could run arbitrary code in the browser, potentially leading to your computing device being hijacked. Google knows an exploit code for this flaw already exists and is circulating in the wild.
CVE-2023-2033 is a type-confusion bug in V8, Google’s open-source JavaScript and WebAssembly engine. As with zero-day patch announcements, the company supplied little to no details on how attackers could exploit this flaw. However, we know that attacks on V8, although uncommon, are considered one of the most dangerous. Exploiting a weakness in V8 typically leads to a browser crashing.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” says Google in the advisory. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Google is giving all its Chrome users enough time to update to the latest version until technical details are released.
How to manually update Chrome
Google Chrome typically updates automatically. However, it’s worth double checking. To check if your browser is up to date:
- Click the three vertical dots at the upper right-hand side of the URL bar.
- Select Help > About Google Chrome.
Simply doing this should trigger Chrome to update. Once done, the browser will ask you to relaunch. Click the button to confirm and complete the update process.
Google would never let users manually download and install a separate file to update Chrome. Scammers and threat actors have used this tactic many times in the past, and, for a time, it worked. Now and then, this tactic is adopted in a malicious campaign, to catch those who aren’t familiar with how Chrome works or how Google updates its products.
Stay safe!
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
TRY NOW
RELATED ARTICLES
Related news
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been
Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR
Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type
Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It’s been a […]
Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "
Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.
Debian Linux Security Advisory 5390-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)