Exploitation of CVE-2023-2033 in Google Chrome

Security update released to address an actively exploited zero-day vulnerability in Chrome

Threat ID:: CC-4301
Threat Severity:: Medium
Published:: 17 April 2023 11:46 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update released to address an actively exploited zero-day vulnerability in Chrome

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 112.0.5615.121

Google Chrome for Windows, macOS and Linux

Threat details

Introduction

Google has released a security update to address a High severity zero-day vulnerability tracked as CVE-2023-2033 that affects Google Chrome for Windows, Mac, and Linux. A remote attacker could exploit this Chrome V8 type confusion vulnerability to cause heap corruption via a crafted HTML page, which could lead to arbitrary code execution.

Exploitation of CVE-2023-2033

Google is aware that an exploit for CVE-2023-2033 exists in the wild.

Remediation advice

Affected organisations are encouraged to review the Chrome Release and apply the necessary updates to the latest release.

Definitive source of threat updates

https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

CVE Vulnerabilities

Status Published

CVE-2023-2033

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Last edited: 17 April 2023 12:28 pm