Skip to main content

Update Chrome now to avoid this major zero-day exploit

The Google Chrome browser has been hit by its first zero-day attack of 2023, and Google has begun rolling out an emergency update as of today to address the exploit.

Google detailed on its Chrome Release blog that it is aware that an exploit for CVE-2023-2033 exists in the wild. It has likely been circulating since the beginning of the year, according to Bleeping Computer.

Google Chrome open with several tabs.
Arif Bacchus/ Digital Trends / Digital Trends

The exploit was discovered and reported by Clement Lecigne of Google’s Threat Analysis Group (TAG). The group is known for locating government-sponsored bad actors that intend to hack Google to get access to high-profile people, such as journalists and rival politicians, so they can infect their accounts and devices with spyware, the publication noted.

Recommended Videos

The CVE-2023-2033 vulnerability is considered high-severity and is detailed as a “confusion weakness in the Chrome V8 JavaScript engine.” However, Google has shared few other details about the attack at this time, particularly about how the CVE-2023-2033 vulnerability has been used in actual attacks. The name “zero-day” indicates that the vulnerability still exists in the wild, despite Google having addressed it with an update.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

The update version 112.0.5615.121 addressing CVE-2023-2033 is currently available for Chrome users in the Stable Desktop channel and will roll out to all users over several days and weeks. The update is compatible with Windows, Mac, and Linux systems. BleepingComputer noted it was able to access the update immediately by accessing Chrome menu > Help > About Google Chrome. The update will also hit Chrome browsers automatically when available after a restart.

In March 2022, a similar zero-day vulnerability called CVE-2022-1096 affected Chrome’s V8 JavaScript engine specifically on Mac devices.

A major zero-day vulnerability that affected Windows programs in June 2022, called CVE-2022-30190, Follina, was traced to a Chinese TA413 hacking group and was aimed at the Tibetan diaspora, as well as U.S. and EU government agencies.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
This upcoming AI feature could revolutionize Google Chrome
Google's Gemini logo with the AI running on a smartphone and a PC.

One of the latest trends in the generative AI space is AI agents, and Google may be prepping its own agent to be a feature of an upcoming Gemini large language model (LLM).

The development, called Project Jarvis, is an AI agent based within the Google Chrome browser that will be able to execute common tasks after being given a short query or command with more independence than before. The inclusion of AI agents in the next Chrome update has the potential to be the biggest overhaul since the browser launched in 2008, according to The Information.

Read more
Google Chrome may start resurfacing tabs from your other devices
Google Chrome browser running on Android Automotive in a car.

Google has announced that it is currently "experimenting" with a feature that suggests pages to you based on open tabs from other devices. Chrome is already handy at picking up where you left off on other devices through tab syncing. To bolster this seamless handoff between devices, this potential new feature will serve up these tabs.

Google didn't detail exactly how this would look, but the blog post reads that it would "proactively suggest pages" on the Chrome New Tab page. Right now, this page is filled with quick links to your most viewed websites and hand-picked shortcuts. For what it's worth, to me this seems like a convenient place to put these tabs.

Read more
Google Chrome has its own version of Window’s troubled Recall feature
google chrome version of recall blog header

Google has announced a number of AI features for the Chrome web browser, one of which can search through your browsing history using plain language. It's a bit like a toned-down version of Microsoft's Recall feature, which did this on the level of the entire operating system.

The example given entails typing the following question into your search history: "What was that ice cream shop I looked at last week?" Chrome will then dig through and pull up sites relevant to your question. It'll then suggest a website as the "AI Best Match."

Read more