UPDATED 19:39 EST / APRIL 16 2023


Google Chrome update addresses vulnerability being exploited in the wild

Google LLC has released a security update to its popular Chrome browser that addresses a vulnerability that’s being actively exploited in the wild.

The Chrome update addresses the vulnerability designated CVE-2023-2033, which Google describes as a “Type Confusion in V8” vulnerability discovered by Clément Lecigne of Google’s Threat Analysis Group on April 11. Although Google did not provide further details of the vulnerability, the Common Vulnerabilities and Exposures listing on the National Institute of Standards and Technology website describes it as allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Google did warn, however, that it’s aware that an exploit for the vulnerability exists in the wild. The update to Chrome also addresses a range of minor issues and fixes from internal audits, fuzzing and other initiatives.

Seemingly overlooked in initial reports, the vulnerability isn’t unique to Chrome, since it resides in the Chromium open-source software, which other companies use as the base code for their browsers. Notable among them is Microsoft Corp.’s Edge browser, which is bundled with Windows. In response to the vulnerability, Microsoft pulled the latest version of Edge, called 112.0.1722.48, on Friday.

Other browsers known to use Chromium as their base code include Vivaldi, Opera and the Brave Browser. Brave Software International Inc. announced on its Twitter account on Friday that it had released an update to address the issue.

Chrome has had issues that needed to be addressed in the past, including a patch for another unpatched vulnerability in November. That vulnerability, designated CVE-2022-4135, was a heap buffer overflow in GPU in Chrome. It allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Google TAG also released a report late last month that detailed two campaigns that use various unpatched exploits against Android, iOS and Chrome. The vulnerabilities in Chrome had been patched, but it was noted that not all browsers that use Chrome and Chromium as their base had been updated. The report highlighted that the Samsung Electronics Co. Ltd. browser was using the same code base as Chrome 102, which was released in May 2022. The current version of Chrome is 112.0.5615.121.
