If you happen to be a Google Chrome user, you need to update your browser to the latest version ASAP! This is because Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild.
In a recent blog post, Google has issued a warning confirming the presence of a vulnerability, tracked as CVE-2023-2033, that impacts Chrome on Windows, Mac, and Linux.
“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a barebones advisory that credits Clément Lecigne of Google’s Threat Analysis Group for reporting the issue.
CVE-2023-2033 deeper dive
As per the incident report, the bug occurs when a program allocates or initializes a resource using one method, but an incompatible method tries to access that resource, which could potentially expose the browser’s memory.
Google did not provide any additional details of the bug. The Alphabet-owned company also added that access to the bug details and links may be kept restricted until a majority of users are updated with a fix.
The company said it may also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven't yet fixed.
How to update Google Chrome on Mac or PC
The patch is being pushed as Chrome 112.0.5615.121 for Windows, Mac and Linux and will roll out via the software's automatic patching mechanism over the coming days/weeks.
To update, follow these steps:
- Click on the three-dot icon.
- Navigate to Help, then click About Google Chrome.
- You'll see a page with all the information you need about your current version of Google Chrome. When this page opens, Chrome also checks for pending updates, so you'll see an animation while it checks and another while it updates your browser if it finds an update.
- Google will prompt you to Relaunch your browser if you have an update. It’s essential to do so, as your browser isn’t fully updated until it restarts.
- Alternatively, you can click the Update icon found at the top right corner of the browser.
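For checking more than one machine, the same version comparison can be scripted. The following Python is an added example, not code from Google or the original article: it flags version strings older than 112.0.5615.121, and the tab-separated inventory format, host names and sample lines are constructed assumptions.

```python
import re

# Fixed build named in the article for Windows, Mac and Linux.
PATCHED = (112, 0, 5615, 121)

# Four dot-separated numeric fields, e.g. "112.0.5615.49".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, patched=PATCHED):
    """Return 'patched', 'needs_update' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare field by field as integers. Comparing the raw strings
    # would rank "112.0.5615.49" above "112.0.5615.121" because "4" > "1".
    return "patched" if version >= patched else "needs_update"


def audit(inventory):
    """Group hosts by status; inventory holds 'host<TAB>version text' lines."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for line in inventory:
        line = line.strip()
        if not line:
            continue
        host, _, text = line.partition("\t")
        report[classify(text)].append(host)
    return report


# Constructed sample inventory (hypothetical host names and readings).
SAMPLE = [
    "ws-01\tGoogle Chrome 112.0.5615.121",
    "ws-02\tGoogle Chrome 112.0.5615.49",
    "mac-07\tVersion 112.0.5615.121 (Official Build) (arm64)",
    "lin-03\tGoogle Chrome 111.0.5563.146",
    "ws-09\tGoogle Chrome 113.0.5672.24 beta",
    "kiosk-2\tnot installed",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

A version collected this way only shows what is installed; as the steps above note, the browser isn't fully updated until it has been relaunched.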
What is a Zero-Day exploit?
A zero-day (0day) exploit is a cyber attack targeting a software vulnerability which is unknown to the software vendor or to antivirus vendors.
The attacker spots the software vulnerability before any parties interested in mitigating it, quickly creates an exploit, and uses it for an attack.
Zero-day exploits are dangerous because they can be used to attack systems without any warning or time for patching.
Here are some browser security best practices
- Enable automatic updates: Keeping your browser up to date is essential, as it ensures you receive the latest security patches.
- Use strong and unique passwords: A robust password manager can help you generate and store secure passwords for your online accounts.
- Install reputable browser extensions: Be cautious when adding extensions, as some may contain security vulnerabilities or malicious code.
This first Chrome Zero Day exploit of 2023 should serve as a reminder of the importance of browser security.
To have a more secure browsing experience, users should stay informed and take proactive measures.