OVERVIEW
A zero-day vulnerability (CVE-2023-2033) was found in Google’s Chrome web browser. CVE-2023-2033 is a high-severity type confusion issue in the V8 JavaScript engine. Google’s security advisory stated that an exploit for the flaw exists in the wild; to prevent further exploitation by attackers, the company has not released technical details or indicators of compromise.
According to the National Vulnerability Database (NVD), a vulnerability in V8, used in Google Chrome versions prior to 112.0.5615.121, could enable a remote attacker to exploit heap corruption through a specially crafted HTML page. Although there is no CVSS score for CVE-2023-2033, Google is tracking the vulnerability as a “high” severity issue.
Fortunately, Google has already released a patch for the flaw and is urging all users to update their browsers as soon as possible. The Chrome update (v112.0.5615.121) not only addresses the type confusion vulnerability but also patches various other unnamed issues. To make sure your browser is up to date, click the three-dot menu in the top right corner, select “Help”, and then “About Chrome”.
At this time, there are no known IoCs associated with CVE-2023-2033. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION