April 16, 2023

Google Chrome 0-Day Vulnerability Exploited in the Wild

Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day.

The updated version is 112.0.5615.121 for Windows, Mac, and Linux.

The 0-Day RCE Vulnerability

• CVE-2023-2033, High-severity –  type confusion vulnerability in the Chrome V8 Javascript engine.While type confusion vulnerabilities typically cause browser crashes when successfully exploited by reading or writing memory outside of buffer bounds, they can also be used to execute arbitrary code remotely.

Affected Products

These vulnerabilities affect all unpatched Chrome and Chromium-based browsers.

Mitigation

CYREBRO recommends all Chrome users to update their browser to the latest Chrome version, 112.0.5615.121 for Windows, Mac and Linux.

References: Chrome Releases