Google released an update for the Chrome web browser on Saturday night. It closes two vulnerabilities, one of which is already being attacked in the wild – a zero-day vulnerability. Users should therefore quickly check whether they are already using the current version.
Google Chrome: exploited zero-day vulnerability
In the Release notes for the new browser version the developers write that it closes two security gaps. One of them was reported by external IT researchers from the Google TAG team, which is why Google provides a brief summary. Nothing further is known about the other.
Attackers can use maliciously crafted HTML websites to create memory scrambling on the heap and use this to inject and execute malicious code. The bug is found in the JavaScript engine V8 and is based on a type confusion bug in which the data types used do not match (CVE-2023-2033, no CVSS classification yet).
Check the current version in use
The bug-fixed versions are 112.0.5615.100/.101 for Android and 112.0.5615.121 for Linux, macOS and Windows. Google wants to distribute them over the course of the day using automatic updates. Since a gap closed in this way is already being attacked, it could be too late. The Chrome version dialog can be used to check whether the corrected browser version is running on the computer.
The Google Chrome version dialog shows the currently used version and triggers the update process if available. In the end, the web browser needs to be restarted for the corrected code to run.
(Bild: Screenshot/dmk)
This can be found behind the browser settings, which can be reached with the button with the three stacked dots to the right of the address bar. From there, the path continues via “Help” – “About Google Chrome”. The dialog shows the currently used version and starts the update if necessary. At the end, the browser has to be restarted to activate the error-corrected program code. Under Linux, the distribution’s own software management usually takes care of applying the updates. Linux users should therefore start it and have it search for updated software.
The JavaScript engine V8 is also used in other Chromium-based web browsers such as Microsoft’s Edge. Updated software should also be available for these web browsers shortly, which users should install quickly.
Just last week, Google made the version jump to Chrome 112. Essentially, Release 16 had sealed security holes.
(dmk)
