Skip to main content

Google Chrome emergency update fixes first zero-day of 2023

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.

"Google is aware that an exploit for CVE-2023-2033 exists in the wild," the search giant said in a security advisory published on Friday

The new version is rolling out to users in the Stable Desktop channel, and it will reach the entire user base over the coming days or weeks.

Chrome users should upgrade to version 112.0.5615.121 as soon as possible, as it addresses the CVE-2023-2033 vulnerability on Windows, Mac, and Linux systems.

This update was immediately available when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.

The web browser will also automatically check for new updates and install them without requiring user interaction after a restart.

​​Attack details not yet disclosed

The high-severity zero-day vulnerability( CVE-2023-2033 )
is due to a high-severity
type confusion weakness in the Chrome V8 JavaScript engine.

The bug was reported by Clement Lecigne of Google's Threat Analysis Group (TAG), whose primary goal is to defend Google customers from state-sponsored attacks.

Google TAG frequently discovers and reports zero-day bugs exploited in highly-targeted attacks by government-sponsored threat actors aiming to install spyware on devices of high-risk individuals, including journalists, opposition politicians, and dissidents worldwide.

Although type confusion flaws would generally allow attackers to trigger browser crashes after successful exploitation by reading or writing memory out of buffer bounds, threat actors can also exploit them for arbitrary code execution on compromised devices.

While Google said it knows of CVE-2023-2033 zero-day exploits used in attacks, the company has yet to share further information regarding these incidents.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.

"We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

This will allow Google Chrome users to upgrade their browsers and block attack attempts until technical details are released, allowing more threat actors to develop their own exploits.

Comments

Post a Comment

Popular posts from this blog

Flipper Zero explained: What to know about the viral hacker tool ( Professional Hacker Used this toll

Flipper Zero explained: What to know about the viral hacker tool ( Professional Hacker Used this toll Flipper Zero explained: What to know about the viral hacker tool The hacking tool blew up on TikTok. Unlike other TikTok trends, it is a powerful tool that can be used by serious pen testers and a learning device for new hackers. Ben Lutkevich, Technical Features Writer Published: 02 Mar 2023 Wireless signals are everywhere. Phones, Wi-Fi networks and bank cards are just a few technologies that use wireless signals to communicate. Hacking them typically requires some cybersecurity knowledge, but Flipper Zero makes it a cinch. Flipper Zero is a toy-like portable hacking tool. The multi-tool is marketed to "geeks," red team hackers and pen testers to expose vulnerabilities in the world around them, like a cybersecurity X-ray. The tool is open source and completed a successful Kickstarter in 2020. The tool gained popularity o...
Post a Comment
Read more

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) (: Cyber Crime Lows :)

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) (: Cyber Crime Lows :) The CitationInformation Technology Act, 2000Enacted byParliament of IndiaEnacted9 June 2000Assented to9 June 2000Signed9 May 2000Commenced17 October 2000Introduced byPramod Mahajan Minister of Communications and Information TechnologyAmended byIT (Amendment) Act 2008 The bill was passed in the budget session of 2000 and signed by President K. R. Narayanan on 9 May 2000. The bill was finalised by a group of officials headed by the Minister of Information Technology Pramod Mahajan 68Failure/refusal to comply with ordersImprisonment up to 2 years, or/and with fine up to ₹1,00,00069Failure/refusal to decrypt dataImprisonment up to seven years and possible fine.70Securing access or attempting to secure access to a protected systemImprisonment up to ten years, or/and with fine.71MisrepresentationImprisonment up to 2 years, or/and with fine up to ₹1,00,00072Breach of co...
Post a Comment
Read more

How to Hack insta..Facebook.. hack social media account andbcrypto account

NOTE: This post is only for educational purpose. I and this website do not support any criminal activity. If you are doing any sort of misuse of this information This website is not responsible for that. THIS YouTube Channel ONLY SUPPORT ETHICAL HACKING. Download Zphisher tool full video.zip 👇👇👇👇👇👇👇👇 Click Here  👈👈👈👈 ☝☝☝☝ Download & after decompress file and watch full video HD quality NOTE: This post is only for educational purpose. I and this website do not support any criminal activity. If you are doing any sort of misuse of this information This website is not responsible for that. THIS YouTube Channel ONLY SUPPORT ETHICAL HACKING. What is Termux Zphisher Phishing Tool? Termux ZPhisher is an Advanced Phishing Tool that allows hackers to perform phishing attacks using termux on their Android phones. This tool is almost similar to the Hidden Eye Tool as well as it also has some features of ADV Phishing Tool. This tool has 30 phishing pages incl...
Post a Comment
Read more