Google releases emergency update to fix 1st zero-day bug of 2023 in Chrome

San Francisco: In response to the first zero-day vulnerability exploited in attacks since the start of the year, Google has released an emergency Chrome security update.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” Google said in a security advisory.

The new version is currently being rolled out to users in the Stable Desktop channel, and it will eventually reach the full user base.

Chrome users will need to update to the new version as soon as possible since it fixes the CVE-2023-2033 vulnerability on Windows, Mac, and Linux computers.

Users can check for updates by going to the Chrome menu > Help > Google Chrome.

According to BleepingComputer, the high-severity zero-day vulnerability (CVE-2023-2033) is due to a high-severity type confusion weakness in the Chrome V8 JavaScript engine.

Clement Lecigne of Google’s Threat Analysis Group (TAG), whose major mission is to protect Google customers from state-sponsored attacks, reported the bug.

Moreover, the report mentioned that in spite of Google claiming that its knowledge of CVE-2023-2033 zero-day exploits has been used in attacks, the company has yet to provide further details.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google was quoted as saying.

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” it added.

(IANS)