Google is actively patching exploited zeroday in Chrome web browser

Spread the love

Google has released an update for Chrome to patch an actively exploited zero-day bug. It is a type confusion bug in the V8 JavaScript engine that is classified as high. Google reports that the bug is being actively exploited.

For the time being, the American company provides few details about the vulnerability, that code CVE-2023-2033 got. The company does this in their own words until a majority of Chrome users are able to install the update. The patch is included in Google Chrome 112.0.5615.121; that is an update that will be available for the Linux, macOS and Windows variants of the web browser.

The CVE database states that it is a type confusion bug that has been fixed in Chrome’s V8 JavaScript engine. With a type confusion vulnerability, the engine does not properly check which type of object is being loaded. This can ensure that attackers can execute malicious code in the browser where, for example, privacy-sensitive information can be read. Last year, Google also released some zero-day bug patches for Chrome. Some of those bugs were also in the browser’s JavaScript engine back then.

You might also like