
Google releases out-of-band updates to resolve CVE-2023-2033

Google has released an update to its Chrome web browser to fix a zero-day vulnerability that was being actively exploited. This is the first zero-day vulnerability to be addressed by Google this year.

The vulnerability, tracked as CVE-2023-2033, is a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023. "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to NIST's National Vulnerability Database (NVD).

The tech giant acknowledged that "an exploit for CVE-2023-2033 exists in the wild," but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262, four other actively abused type confusion flaws in V8 that were remediated by Google in 2022. In total, Google closed out nine zero-days in Chrome last year.

