Google Releases Urgent Chrome Update to Fix Zero-Day Vulnerability

Gauloran

Google fixed an actively exploited zero-day vulnerability in its Chrome web browser on Friday by releasing out-of-band updates, the first such bug to be fixed since the year's beginning.

The high-severity vulnerability, tracked as CVE-2023-2033, has been identified as a type confusion problem in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) is credited with reporting the problem on April 11, 2023.

"Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the National Vulnerability Database (NVD) of NIST.

The tech behemoth admitted that "an exploit for CVE-2023-2033 exists in the wild," but refrained from disclosing any additional technical details or indicators of compromise (IoCs) in order to stop threat actors from abusing the vulnerability.

In addition, CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262, four other actively exploited type confusion flaws in V8 that were fixed by Google in 2022, appear to be related to CVE-2023-2033.

Nine zero days in Chrome were successfully closed out by Google last year. The news comes days after Citizen Lab and Microsoft revealed that customers of the shady spyware vendor QuaDream were using a flaw in Apple iOS that has since been patched to target journalists, members of the political opposition, and an employee of an NGO in 2021.

To reduce potential threats, users are advised to update to version 112.0.5615.121 for Windows, macOS, and Linux. As soon as the fixes become available, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to install them.

What Is a Zero-Day Vulnerability?

A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit.

Because they were discovered before security researchers and software developers became aware of them—and before they can issue a patch—zero-day vulnerabilities pose a higher risk to users for the following reasons:
  • Cybercriminals race to exploit these vulnerabilities to cash in on their schemes.
  • Vulnerable systems are exposed until a patch is issued by the vendor.

Zero-day vulnerabilities are typically involved in targeted attacks; however, many campaigns still use old vulnerabilities.
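To act on the update advice above, the following added example (not part of the original post) checks collected `chrome --version` output against the fixed build 112.0.5615.121 using numeric, component-wise comparison. The host names and inventory lines are constructed sample data, and the check applies to Google Chrome only, since the post does not list fixed versions for other Chromium-based browsers.

```python
import re

# Fixed Chrome build named in the post (CVE-2023-2033).
FIXED = (112, 0, 5615, 121)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 112.0.5615.49'. Returns a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version_text, fixed=FIXED):
    """True if at or above the fixed build, False if below,
    None if no version could be parsed (needs manual review)."""
    v = parse_version(version_text)
    if v is None:
        return None
    # Tuples of ints compare component by component, so .99 < .121.
    # Comparing the raw strings would wrongly rank "99" above "121".
    return v >= fixed


def audit(inventory):
    """inventory: iterable of (host, version_output) pairs.
    Returns hosts grouped as patched / vulnerable / unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, output in inventory:
        status = is_patched(output)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and outputs).
SAMPLE = [
    ("ws-01", "Google Chrome 112.0.5615.121"),
    ("ws-02", "Google Chrome 112.0.5615.49"),
    ("ws-03", "Google Chrome 112.0.5615.99"),
    ("ws-04", "Google Chrome 113.0.5672.63"),
    ("ws-05", "chrome: command not found"),
]

if __name__ == "__main__":
    for group, hosts in audit(SAMPLE).items():
        print(group, hosts)
```

Hosts reported as unknown returned no parsable version and should be checked by hand rather than assumed patched.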
 