Google Chrome releases security fix for this major flaw, so update now

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • PCHF IT Feeds
    PCHF Bot
    • Jan 2015
    • 54573

    #1

    Google Chrome releases security fix for this major flaw, so update now

    Google says it has fixed a high-severity flaw in its Chrome browser which is currently being exploited by threat actors in the wild.

    In a security advisory, the company described the flaw being abused and urged the users to apply the fix immediately.

    “Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the advisory reads.

    [HEADING=1]Automatic updates[/HEADING]

    The zero-day in question is a confusion weakness vulnerability in the Chrome V8 JavaScript engine, the company said. Usually, this type of flaw can be used to crash the browser, but in this case it can also be used to run arbitrary code on compromised endpoints.

    The flaw was discovered by Clement Lecigne from the Google Threat Analysis Group (TAG). Usually, TAG works on finding flaws abused by nation-states, or state-sponsored threat actors. There is no word on who the threat actors abusing this flaw are, though.

    Read more
    Patch Google Chrome now to fix this emergency security flaw

    Emergency Google Chrome update patches exploit abused in attacks

    Check out the best firewalls around
    “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

    To remedy the vulnerability, users should make sure to update their browsers to version 112.0.5615.121 as soon as possible. The fix addresses the flaw on Windows, Mac, and Linux operating systems. To bring the browser up to date, users should head over to the Chrome menu (three horizontal dots in the upper right corner of the window) and navigate to Help > About Google Chrome. For us, the update was available immediately upon pressing the “check for new updates” button. Google, however, claims that the update should be available to all Chrome users “in the coming days and weeks”.

    The update also required a browser reboot.

    [ul]
    [li]Here are the best endpoint protection tools today[/li][/ul]

    Via: BleepingComputer

    Continue reading…
Working...