Summary:
On Friday, Google released security updates to address a high-severity zero-day in Chrome web browser. Tracked as CVE-2023-2033, the vulnerability is related to a type confusion bug in the Chrome V8 JavaScript engine. “Although type confusion flaws would generally allow attackers to trigger browser crashes after successful exploitation by reading or writing memory out of buffer bounds, threat actors can also exploit them for arbitrary code execution on compromised devices” (Bleeping Computer, 2023). To address CVE-2023-2033, Google has released Chrome version 112.0.5615.121. Users have been advised to upgrade to the latest version as soon as possible.

Analyst comments:
CVE-2023-2023 is the first zero-day that Google has addressed since the start of the year. Although Google stated it is aware of attacks in the wild exploiting this flaw, it has yet to share the technical details of such attacks to give users enough time to update their browsers.

Mitigation:
To update Chrome, head to Settings → About Chrome → Wait for the download of the latest version to finish → Restart the program.

Source:
https://www.bleepingcomputer.com/ne...mergency-update-fixes-first-zero-day-of-2023/