Google has issued a security update to handle an exploited zero-day vulnerability in Chrome, the first one for 2023.
Users should upgrade to Chrome version 112.0.5615.121 as soon as possible.
Indexed as Common Vulnerabilities and Exposures (CVE) 2023-2033, the bug is due to a type confusion issue in Chrome's V8 Javascript engine.
Type confusion can happen when a programmer's code doesn't verify the form of object that is passed to it, and uses it without checks.
Attackers can abuse type confusion bugs with specially crafted web pages, containing malicious Javascript code that executes when users visit sites.
The current vulnerability is being exploited, but Google provided no further details on where that has happened, or when.
Google's Threat Action Group (TAG) researcher Clément Lecigne is credited with having reported the bug on April 11.
Chrome is the world's most popular web browser, estimated to be used by anywhere from 2.7 billion to 3.2 billion people, and it runs on several different desktop and mobile operating systems.
Its underlying Chromium open source technology such as rendering engine is used by other software vendors such as Microsoft for its Edge web browser.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
