Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.

Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US’ National Vulnerability Database.

Meanwhile, the update will roll out in the coming weeks on Google’s stable desktop channel, the company said.

The high-severity vulnerability was described by Google as a “type confusion” issue in the V8 JavaScript engine. Google Chrome V8 is Google’s open source JavaScript and WebAssembly engine.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a statement on April 14.

NIST, the US Commerce Dept. agency that runs the National Vulnerability Database, went further in its CVE description about the vulnerability.

“Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” NIST said.

Google is yet to release complete details on the vulnerability. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in the statement.

How to update Chrome

To update Chrome, users can click the overflow menu on the right side of the menu bar and then go to Help and About Google Chrome. Chrome will automatically check for browser updates and, by default, update the browser. Once the update is complete, users need to restart the browser.

Clement Lecigne of Google’s Threat Analysis Group identified the vulnerability and reported the issue on April 11.
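For administrators who need to confirm which machines still run a build older than the fixed 112.0.5615.121, the following is an added example (not from Google or the original article) that triages reported version strings. The host names and sample version strings are constructed, and the input format (a line of text containing a four-part version) is an assumption; it also shows why the comparison must be numeric rather than a string comparison.

```python
import re

# Fixed build named in the article; lower builds are affected by CVE-2023-2033.
FIXED = (112, 0, 5615, 121)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 112.0.5615.49'. Returns a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True if at or above the fixed build, False if older,
    None if no version could be parsed (treat as needing follow-up)."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component. A plain string comparison
    # would wrongly rank '112.0.5615.99' above '112.0.5615.121'.
    return version >= fixed


def triage(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(raw)] for host, raw in inventory.items()}


# Constructed sample inventory: hypothetical hosts and reported strings.
SAMPLE = {
    "ws-01": "Google Chrome 112.0.5615.121",
    "ws-02": "Google Chrome 112.0.5615.49",
    "ws-03": "Google Chrome 112.0.5615.99",   # older, despite '99' > '121' as text
    "ws-04": "Google Chrome 113.0.1000.1",
    "ws-05": "chrome: command not found",      # no version reported
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.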
In addition to fixing CVE-2023-2033, the Chrome update also fixes a variety of issues detected during internal audits and other initiatives, the company said.

This is the first zero-day vulnerability reported in Chrome this year. In December, Google released an update for Chrome after a different type confusion vulnerability in V8 was identified.

A type confusion error occurs when a program uses one type of method to allocate or initialize a resource but uses another method to access that resource, leading to an out-of-bounds memory access, according to cybersecurity firm NSFocus, in an alert it sent about Chrome’s December update.

“By convincing a user to visit a specially crafted Web site, a remote attacker could ultimately achieve arbitrary code execution or cause a denial of service on the system,” NSFocus said.

Last year, 9 zero-day vulnerabilities were identified in Chrome.

In 2022, the number of known open source vulnerabilities rose by 4% from 2021, according to a report by Synopsys. At least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers, and 48% of all code bases analyzed contained high-risk vulnerabilities.