Last week, Google released an emergency security update for all its 3.2 billion Chrome users to address a high-severity zero-day vulnerability that is being actively exploited in the wild.
Google has rolled out Chrome version 112.0.5615.121 for Windows, Mac, and Linux as an emergency update, which signals that the security issue in the browser is serious.
The emergency Chrome update to version 112.0.5615.121 is unique in that it fixes only a single security flaw. Users are urged to apply the update to their Chrome browser as soon as possible to block attack attempts.
The zero-day vulnerability was submitted to Google by Clément Lecigne of Google’s Threat Analysis Group (TAG) on April 11, 2023.
In a Chrome stable channel update announcement for desktops, published on April 14, 2023, Google confirms it “is aware that an exploit for CVE-2023-2033 exists in the wild.”
What Is CVE-2023-2033?
A type confusion error occurs when a program allocates or initializes a resource, object, or variable as one type and then accesses it as a different, incompatible type, which can result in out-of-bounds memory access.
According to the CVE page, this vulnerability can allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.
The search giant said that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.” In other words, as a precaution, Google will not disclose technical details of the vulnerability until the emergency update has been able to protect most of Chrome’s 3.2 billion users.
It also noted, “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
While the web browser checks for new updates automatically, you can also check manually: open the three-dot menu in the top right corner of Chrome, click “Help”, and then “About Chrome”.
The security patch for Google Chrome is expected to roll out to all Chrome users over the coming days or weeks.
Google thanked the security researchers who notified the company about the vulnerability. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said the company.