Update Now: Emergency Patch Released for Serious Chrome Browser Flaw

Time to click “update” on your Chrome browser: Hackers have been spotted exploiting a serious “zero-day” vulnerability in the software to attack users. 

Google has begun rolling out a patch for the previously unknown vulnerability, which has been dubbed CVE-2023-2033. On Friday, the company published a security notice(Opens in a new window), warning “Google is aware that an exploit for CVE-2023-2033 exists in the wild.”

There are not a lot of details about the vulnerability. For now, Google describes it as a“type confusion”-related flaw in the V8 JavaScript engine for the browser. 

A type confusion bug usually involves the software failing to verify a resource, opening a way to access other processes in the program. This can include reading or writing memory out of the normal bounds in the program’s code. Hence, the vulnerability can be particularly powerful, especially since it involves JavaScript, which is prevalent on web pages. In the past, hackers have exploited type-confusion bugs to help them launch malicious computer code on computers, sometimes through a website or link. 

Google discovered the bug through Clément Lecigne, a security researcher on the company’s Threat Analysis Group team, which focuses on tracking elite hackers and uncovering zero-day vulnerabilities. So it’s possible a state-sponsored hacking group or a commercial spyware dealer was spotted exploiting the flaw to attack a high-value target. 

The company’s patch arrives in version 112.0.5615.121. A button to update Chrome should appear in the upper-right corner of the browser. Otherwise, go to the “About Chrome” tab to automatically receive the update or visit Google’s support page(Opens in a new window) on how to download the patches. CVE-2023-2033 appears to be the first zero-day vulnerability found in Chrome this year.