An update has been released for a newly discovered zero-day vulnerability in Chrome. We recommend you install this update as soon as possible.
Windows, Mac and Linux systems should upgrade to version 112.0.5615.121 as soon as possible to fix the vulnerability tracked as CVE-2023-2033.
In this article, I will explain what this critical vulnerability in Chrome is, how it is exploited, and how you can protect yourself.
What is a zero-day vulnerability in Chrome?
A zero-day vulnerability is a security weakness in software that attackers can exploit because the software developers have not yet recognized or fixed it.
The zero-day vulnerability in Chrome is a type confusion issue in the V8 JavaScript engine. V8 is a component that enables Chrome to execute JavaScript code on web pages. A type confusion issue can cause V8 to misidentify the type of data in memory and cause memory corruption. This allows attackers to remotely execute code or access systems.
The zero-day vulnerability in Chrome was reported by Clement Lecigne of Google’s Threat Analysis Group (TAG) on April 11, 2023. Google confirmed that this high-severity vulnerability, tracked as CVE-2023-2033, was exploited in the wild but did not share further technical details or indicators of compromise (IoCs).
CVE-2023-2033 also shows similarities to CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262, four other type confusion vulnerabilities actively exploited in V8 that were fixed by Google in 2022.
How is the Zero-Day Vulnerability in Chrome Exploited?
A zero-day exploit in Chrome can target users who visit a malicious HTML page crafted by attackers. This page contains JavaScript code that causes V8 to misidentify the type of data in memory, causing memory corruption. This allows attackers to remotely execute code or access systems.
It is not yet clear how the attack was carried out or who is behind it. However, Google’s TAG team notes that state-sponsored actors may play a role in such cyberattacks.
How Can You Avoid a Zero-Day Vulnerability in Chrome?
The most effective way to protect yourself from the zero-day exploit in Chrome is to update Chrome to the latest version. Google announced the release of version 112.0.5615.121 to fix this vulnerability.
How to update Chrome on Windows, Mac, or Linux
To update Chrome on your Windows, Mac, or Linux computer, follow these steps:
- Open Chrome and click on the three-dot menu icon at the top right corner of the browser window.
- Click on Help and then About Google Chrome.
- Chrome will automatically check for updates and show you the current version of the browser. If an update is available, it will download and install it automatically.
- Once the update is complete, you will see a Relaunch button. Click on it to restart Chrome and apply the update.
You can also check for updates manually by typing chrome://settings/help in the address bar and pressing Enter.
How to update Chrome on Chrome OS
To update Chrome on your Chromebook or other Chrome OS device, follow these steps:
- Open the Settings app and scroll down to the About Chrome OS section on the bottom left of the window.
- Click on Check for updates. Chrome OS will automatically check for updates and show you the current version of the operating system. If an update is available, it will download and install it automatically.
- Once the update is complete, you will see a Restart button. Click on it to restart your device and apply the update.
You can also check for updates manually by typing chrome://settings/help in the address bar and pressing Enter.
How to know if your Chrome is up to date
You can easily tell if your Chrome is up to date by looking at the color of the three-dot menu icon at the top right corner of the browser window.
- If the icon is green, it means an update was released less than two days ago.
- If the icon is orange, it means an update was released about four days ago.
- If the icon is red, it means an update was released at least a week ago.
If you see any of these colors, you should update Chrome as soon as possible by following the steps above.
Alternatively, you can type chrome://version in the address bar and press Enter to see the exact version number of your Chrome browser.
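If you look after more than one machine, the version string shown on chrome://version can be compared against the fixed release in a script. The following is an added example, not part of the original article; the hostnames and the inventory are constructed, and the function names are illustrative. It compares versions numerically, because a plain string comparison would rank 99.x above 112.x.

```python
import re

# Fixed release named in the article for CVE-2023-2033.
FIXED = (112, 0, 5615, 121)

# Chrome versions have four dot-separated numeric parts.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract the four-part version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True if at or above the fix, False if older, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    return version >= fixed  # tuple comparison is numeric, part by part


def audit(inventory):
    """Return {host: reason} for every host that needs attention."""
    findings = {}
    for host, reported in inventory.items():
        status = is_patched(reported)
        if status is None:
            findings[host] = "unknown version: " + repr(reported)
        elif not status:
            findings[host] = "needs update: " + reported.strip()
    return findings


# Constructed sample inventory (hostnames and reported strings are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 112.0.5615.121",
    "ws-02": "Google Chrome 112.0.5615.49",
    "ws-03": "Google Chrome 99.0.4844.84",  # a string compare calls this newer
    "ws-04": "Google Chrome 113.0.5672.63",
    "ws-05": "version not reported",
}

if __name__ == "__main__":
    for host, reason in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, "->", reason)
```

Hosts whose version cannot be parsed are reported rather than treated as patched, so a missing value never hides an outdated browser.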