“Earlier this week, Google launched an emergency safety replace for the Chrome browser attributable to a vulnerability that’s being actively exploited within the wild,” studies Sizzling {Hardware}:
On Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google’s personal Menace Evaluation Group (TAG). This vulnerability is a ‘kind confusion‘ bug within the JavaScript engine for Chromium browsers useing the V8 Javascript engine. Briefly, kind confusion is a bug that enables reminiscence to be accessed with the unsuitable kind, permitting for the studying or writing of reminiscence out of bounds. The CVE web page says that an attacker may create an HTML web page that enables the exploitation of heap corruption.
Whereas there isn’t any Widespread Vulnerability Scoring System (CVSS) rating connected to the vulnerability but, Google is monitoring this as a “excessive” severity challenge. That is doubtless due partially to the truth that “Google is conscious that an exploit for CVE-2023-2033 exists within the wild.”
The article notes that Chrome updates are usually finished robotically, however you can too test for updates by clicking Chrome’s three-dots menu within the top-right nook, then “Assist” and “About Chrome.”
