Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.

Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.

"Type confusion in V8 in Google Chrome prior to 1.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the NIST's National Vulnerability Database (NVD).

The tech giant acknowledged that "an exploit for CVE-2023-2033 exists in the wild," but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 – four other actively abused type confusion flaws in V8 that were remediated by Google in 2022.

Google closed out a total of nine zero-days in Chrome last year.

The development comes days after Citizen Lab and Microsoft disclosed the exploitation of a now-patched flaw in Apple iOS by customers of a shadowy spyware vendor named QuaDream to target journalists, political opposition figures, and an NGO worker in 2021.

It also comes within a week of Apple releasing updates to patch two actively exploited zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) in iOS, iPadOS, macOS, and Safari web browser that could lead to arbitrary code execution.

Users are recommended to upgrade to version 1.121 for Windows, macOS, and Linux to mitigate potential threats.