Skip to main content

Update Chrome now to avoid this major zero-day exploit

The Google Chrome browser has been hit by its first zero-day attack of 2023, and Google has begun rolling out an emergency update as of today to address the exploit.

Google detailed on its Chrome Release blog that it is aware that an exploit for CVE-2023-2033 exists in the wild. It has likely been circulating since the beginning of the year, according to Bleeping Computer.

Google Chrome open with several tabs.
Arif Bacchus/ Digital Trends

The exploit was discovered and reported by Clement Lecigne of Google’s Threat Analysis Group (TAG). The group is known for locating government-sponsored bad actors that intend to hack Google to get access to high-profile people, such as journalists and rival politicians, so they can infect their accounts and devices with spyware, the publication noted.

The CVE-2023-2033 vulnerability is considered high-severity and is detailed as a “confusion weakness in the Chrome V8 JavaScript engine.” However, Google has shared few other details about the attack at this time, particularly about how the CVE-2023-2033 vulnerability has been used in actual attacks. The name “zero-day” indicates that the vulnerability still exists in the wild, despite Google having addressed it with an update.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

The update version 112.0.5615.121 addressing CVE-2023-2033 is currently available for Chrome users in the Stable Desktop channel and will roll out to all users over several days and weeks. The update is compatible with Windows, Mac, and Linux systems. BleepingComputer noted it was able to access the update immediately by accessing Chrome menu > Help > About Google Chrome. The update will also hit Chrome browsers automatically when available after a restart.

In March 2022, a similar zero-day vulnerability called CVE-2022-1096 affected Chrome’s V8 JavaScript engine specifically on Mac devices.

A major zero-day vulnerability that affected Windows programs in June 2022, called CVE-2022-30190, Follina, was traced to a Chinese TA413 hacking group and was aimed at the Tibetan diaspora, as well as U.S. and EU government agencies.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
This Chrome extension lets hackers remotely seize your PC
A depiction of a hacker breaking into a system via the use of code.

Malicious extensions on Google Chrome are being used by hackers remotely in an effort to steal sensitive information.

As reported by Bleeping Computer, a new Chrome browser botnet titled 'Cloud9' is also capable of logging keystrokes, as well as distributing ads and malicious code.

Read more
Google Chrome gets one of Microsoft Edge’s best features
Google Chrome has been updated with a new sidebar feature.

Google Chrome has announced new updates for its browser to make searching more effective without having to open a new tab or return to a previous page after inputting a new search.

The Chrome sidebar feature comes just months after Microsoft introduced a similar feature to its own browser, Edge.

Read more
Why Google Chrome Incognito Mode isn’t what it claims to be
Google Chrome icon in mac dock.

A seemingly obscure little class-action lawsuit filed in 2021 has exploded into the mainstream news lately, alleging that Google continues to track users when they’re using incognito mode on Chrome.

Of course, any savvy web user knows there’s no such thing as complete privacy on the internet, at least not without running Tor through a VPN tunnel while wearing a Guy Fawkes mask. But it seems what we expect of Google Chrome’s incognito mode and what Google actually does are two different things.

Read more