Google Chrome, the most widely used web browser, is affected by a type confusion vulnerability (CVE-2023-2033). Google has fixed the vulnerability in the latest version of Chrome. Clement Lecigne of Google’s Threat Analysis Group reported it.
Google states in its advisory that it is aware of active exploitation of this vulnerability in the wild. CVE-2023-2033 is the first zero-day vulnerability in the Chrome browser addressed by Google.
CISA has added CVE-2023-2033 to its Known Exploited Vulnerabilities Catalog and asked users to patch the vulnerability before May 8th, 2023.
Google Chrome versions before 112.0.5615.121 are affected by this vulnerability.
Customers are requested to upgrade to the latest stable channel version, 112.0.5615.121, for Windows, Mac, and Linux. For more information, please refer to the Google Chrome security page.
Microsoft has released the Microsoft Edge Stable Channel (Version 112.0.1722.48) to address CVE-2023-2033, which the Chromium team has reported as being exploited in the wild.
Qualys customers can scan their devices with QIDs 378417 and 378418 to detect vulnerable assets.
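For hosts tracked in a plain software inventory, a version check against the fixed builds named above can look like the following. This is an added example, not Qualys or Google code; the inventory rows are constructed, and treating Edge builds below 112.0.1722.48 as needing an update is an assumption drawn from the fixed version given here. Versions are compared as integer tuples because a plain string comparison ranks 112.0.5615.99 above 112.0.5615.121.

```python
# Added example: flag browser builds older than the fixed versions in this advisory.
FIXED = {
    "chrome": (112, 0, 5615, 121),  # fixed Chrome stable build named in the advisory
    "edge": (112, 0, 1722, 48),     # fixed Edge stable build named in the advisory
}

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints; raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def needs_update(browser, version):
    """True if the build is older than the fixed build for that browser."""
    return parse_version(version) < FIXED[browser.lower()]

def triage(inventory):
    """Return (host, browser, version, status); status is 'update', 'ok' or 'unknown'."""
    rows = []
    for host, browser, version in inventory:
        try:
            status = "update" if needs_update(browser, version) else "ok"
        except (KeyError, ValueError):
            # Unrecognised browser or unparseable version: leave for manual review.
            status = "unknown"
        rows.append((host, browser, version, status))
    return rows

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    ("ws-01", "chrome", "112.0.5615.99"),   # older build; a string compare would miss it
    ("ws-02", "chrome", "112.0.5615.121"),
    ("ws-03", "chrome", "111.0.5563.147"),
    ("ws-04", "edge", "112.0.1722.39"),
    ("ws-05", "edge", "112.0.1722.48"),
    ("ws-06", "chrome", "unknown"),
]

if __name__ == "__main__":
    for host, browser, version, status in triage(SAMPLE):
        print(f"{host:6} {browser:7} {version:16} {status}")
```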
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.