Google has issued an emergency update to its Chrome browser to fix a significant zero-day security hole that might allow malicious actors to take control of a user’s device by running arbitrary code in the browser.
The vulnerability, CVE-2023-2033, poses a high-severity risk to Chrome users running desktop versions earlier than 112.0.5615.121. The security flaw is said to exist in Chrome’s V8 JavaScript engine and can be exploited by a rogue webpage. Experts believe the exploit code is already in circulation and being used by crooks.
Clément Lecigne of Google’s Threat Analysis Group discovered and reported the vulnerability on April 11, according to Google. The company said it is aware of an exploit for CVE-2023-2033 in the wild. This emergency release fixes the first Chrome zero-day of the year.
Users are encouraged to upgrade their browsers to the most recent version as soon as possible, either automatically or manually. On April 14, Google issued version 112.0.5615.121 for Windows, Mac, and Linux to address the security problem.
The nature of the exploit and its possible implications have not been disclosed in full. The new Chrome release also includes other security fixes from internal audits, fuzzing, and other projects.
The sources for this piece include an article in The Register.