Google Chrome releases security fix for this major flaw, so update now

New Google Chrome zero-day allows arbitrary code execution

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlesays it has fixed a high-severity flaw in its Chromebrowserwhich is currently being exploited by threat actors in the wild.

In asecurity advisory, the company described the flaw being abused and urged the users to apply the fix immediately.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the advisory reads.

Automatic updates

The zero-day in question is a confusion weakness vulnerability in the Chrome V8 JavaScript engine, the company said. Usually, this type of flaw can be used to crash the browser, but in this case it can also be used to run arbitrary code on compromised endpoints.

The flaw was discovered by Clement Lecigne from the Google Threat Analysis Group (TAG). Usually, TAG works on finding flaws abused by nation-states, or state-sponsored threat actors. There is no word on who the threat actors abusing this flaw are, though.

Patch Google Chrome now to fix this emergency security flaw>Emergency Google Chrome update patches exploit abused in attacks>Check out the best firewalls around

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

To remedy the vulnerability, users should make sure to update their browsers to version 112.0.5615.121 as soon as possible. The fix addresses the flaw on Windows, Mac, and Linuxoperating systems. To bring the browser up to date, users should head over to the Chrome menu (three horizontal dots in the upper right corner of the window) and navigate to Help > About Google Chrome. For us, the update was available immediately upon pressing the “check for new updates” button. Google, however, claims that the update should be available to all Chrome users “in the coming days and weeks”.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The update also required a browser reboot.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)