On 14 April, Google released a Chrome update that removes the first Zero-Day vulnerability found in the browser this year. The vulnerability, no. CVE-2023-2033, is actively exploited in attacks around the world. The company does not provide details on said vulnerability and only describes it as ‘Type Confusion’ in the V8 rendering engine. Mentioned vulnerability allows remote code to be run through a properly crafted WEB site. The vulnerability was patched in Chrome 112.0.5615.121.
Sadly, these are not the latest vulnerabilities in browsers based on the Chromium engine. Since the end of March, five other vulnerabilities have officially been found in the Chromium engine, which is used not only by Google Chrome, but also browsers like EDGE or Opera. These are the numbers of the aforementioned vulnerabilities: CVE-2023-2133, CVE-2023-2134, CVE-2023-2135, CVE-2023-2136, CVE-2023-2137. They all allow remote code execution and have been classified as highly severe (severity: high). The vulnerabilities have been fixed in version 112.0.5615.137. Therefore, it is recommended to update the browser as soon as possible (currently the latest version for Windows systems is: 112.0.5615.138)