According to Forbes*, Chrome is now used by over three billion users worldwide, but following Google’s discovery of the browser’s first Zero Day exploit this year, everyone needs to update their browser as a matter of priority.
In a new blog post, Google confirmed the discovery of the zero-day vulnerability, which affects Chrome on Windows, Mac and Linux. Google also confirmed it is aware that an exploit exists in the wild.
The vulnerability, CVE-2023-2033, stems from a “Type Confusion in V8.” This occurs when a program allocates or initializes a resource using one type, but then accesses that resource using an incompatible type, potentially providing unsecured access to the browser’s memory.
The vulnerability was discovered by Google’s Threat Analysis Group, but a patch couldn’t be created before the first exploits of Chrome began.
The good news is that Google now has a patch, and you need to update Chrome immediately to get it. To do this, click the overflow menu (three vertical dots) in the browser’s top right corner, then Help > About Google Chrome. This will force Chrome to check for browser updates. Once the update is complete, you must restart the browser to be fully protected.
Google has done an incredible job patching Chrome vulnerabilities this year, and it is remarkable that we got to April before the first zero-day exploit occurred. To put this in perspective, Chrome had 15 zero-day exploits in 2021 and nine in 2022, so the progress is clear.
As the most popular browser, Chrome naturally attracts threat actors who constantly look for vulnerabilities in the software. Although this was the first zero day to be revealed in Chrome this year, it highlights that cybercriminals are always very active and persistent in their attempts to find whatever they can exploit. The zero day, Google’s quick update, and the fact that there are already reports of exploits in the wild all point towards a very dangerous vulnerability.
It is imperative that your browser, whichever one you choose, remains up to date with the latest patches, as these vulnerabilities can potentially be very damaging. Luckily, most browsers update automatically, but this particular fix requires a restart of the browser, so it is important to make sure your computer completes this action to remain protected.
*ESET does not bear any responsibility for the accuracy of this information.