Skip to main content

Update Chrome now to avoid this major zero-day exploit

The Google Chrome browser has been hit by its first zero-day attack of 2023, and Google has begun rolling out an emergency update as of today to address the exploit.

Google detailed on its Chrome Release blog that it is aware that an exploit for CVE-2023-2033 exists in the wild. It has likely been circulating since the beginning of the year, according to Bleeping Computer.

Google Chrome open with several tabs.
Arif Bacchus/ Digital Trends / Digital Trends

The exploit was discovered and reported by Clement Lecigne of Google’s Threat Analysis Group (TAG). The group is known for locating government-sponsored bad actors that intend to hack Google to get access to high-profile people, such as journalists and rival politicians, so they can infect their accounts and devices with spyware, the publication noted.

Recommended Videos

The CVE-2023-2033 vulnerability is considered high-severity and is detailed as a “confusion weakness in the Chrome V8 JavaScript engine.” However, Google has shared few other details about the attack at this time, particularly about how the CVE-2023-2033 vulnerability has been used in actual attacks. The name “zero-day” indicates that the vulnerability still exists in the wild, despite Google having addressed it with an update.

Please enable Javascript to view this content

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

The update version 112.0.5615.121 addressing CVE-2023-2033 is currently available for Chrome users in the Stable Desktop channel and will roll out to all users over several days and weeks. The update is compatible with Windows, Mac, and Linux systems. BleepingComputer noted it was able to access the update immediately by accessing Chrome menu > Help > About Google Chrome. The update will also hit Chrome browsers automatically when available after a restart.

In March 2022, a similar zero-day vulnerability called CVE-2022-1096 affected Chrome’s V8 JavaScript engine specifically on Mac devices.

A major zero-day vulnerability that affected Windows programs in June 2022, called CVE-2022-30190, Follina, was traced to a Chinese TA413 hacking group and was aimed at the Tibetan diaspora, as well as U.S. and EU government agencies.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
5 web browsers you should use instead of Google Chrome or Edge
Google Drive in Chrome on a MacBook.

Google Chrome and Microsoft Edge dominate the world of web browsers, but they’re not for everyone. Whether you want a browser that better respects your privacy or need an app that does things a little bit differently, you don’t have to stick to the usual suspects.

There’s a world of alternative web browsers out there if you want to give something new a try. Here, we’ve put together five excellent options, with each one bringing fresh new ideas to the table. So, if you’re sick of Chrome and Edge, take one of these browsers for a spin.
Arc
Easels let you pin live websites snippets, which can update themselves and be interacted with. Alex Blake / Digital Trends

Read more
Google may build Gemini AI directly into Chrome
The Google Gemini AI logo.

Google is now fleshing out its newly unified Gemini AI system in its browser with its first attempt at implementing Chat with Gemini into the Chrome Omnibox.

This latest effort will update Google Chrome with a Chat with Gemini shortcut in the Chrome Omnibox, allowing users to access the AI chatbot feature without having to go to the Gemini website, according to WindowsReport. The Omnibox serves as an address bar and search bar, and it adds multiple other tasks to a browser. Now with a simple @ prompt, you can also access Google's AI chatbot to answer questions, create images, and generate summaries, among other tasks.

Read more
Google just settled a $5B privacy suit involving Chrome browser
The Google Chrome logo on a smartphone.

Google has agreed to settle a $5 billion lawsuit brought by claimants who accused the web giant of privacy invasion by tracking their online activities despite being in “incognito mode” when using the company’s Chrome browser.

After lawyers announced on Thursday that they’d reached a preliminary agreement, U.S. District Judge Yvonne Gonzalez Rogers put a scheduled trial for the case in California on hold, Reuters reported.

Read more