Google Chrome Users Urged to Update Their Browsers ASAP: Billions of Google Chrome users are being advised to update their browsers immediately after 15 security flaws were identified. The Google Chrome 113 update for desktop computers was released on Tuesday, May 8, 2023, and is available for the Windows, Mac, and Linux operating systems. The update will be rolled out in the coming days, according to a statement from Google.
Table of Contents
While Google’s internal security team has characterized the flaws as low and medium risk, installing the update will help protect the browser against potential attacks. The company has not provided details about the exact nature of the bugs for security purposes. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” Google said in a statement.
Google Chrome is used by more than three billion people around the world. To help identify vulnerabilities, the company uses the Google Bug Hunters initiative, whereby people who spot security vulnerabilities can report them to Google for a bounty.
Chrome’s Zero-Day Vulnerability
Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit that’s already in circulation on the internet and can allow malicious code to be executed. Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US National Vulnerability Database.
Meanwhile, the update will roll out in the coming weeks on Google’s stable desktop channel, the company said. The high-severity vulnerability was described by Google as a “type confusion” issue in the V8 JavaScript engine. Google Chrome V8 is Google’s open source JavaScript and WebAssembly engine.
“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a statement on April 14.
NIST, the US Commerce Dept. agency that runs the National Vulnerability Database, went further in its CVE description about the vulnerability. “Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” NIST said.
Google is yet to release complete details on the vulnerability. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in the statement.
How to update Chrome
To update Chrome, users can click the overflow menu on the right side of the menu bar and then go to Help and About Google Chrome. Chrome will automatically check for browser updates and, by default, update the browser. Once the update is complete, users need to restart the browser.
Clement Lecigne of Google’s Threat Analysis Group identified the vulnerability and reported the issue on April 11. In addition to fixing CVE-2023-2033, the Chrome update also fixes a variety of issues detected during internal audits and other initiatives, the company said.
The frequency of zero-day vulnerabilities in Chrome
This is the first zero-day vulnerability reported in Chrome this year. In December, Google released an update for Chrome after a different type of confusion vulnerability in V8 was identified. A type of confusion error occurs when a program uses one type of method to allocate or initialize a resource but uses another method to access that resource, leading to an out-of-bounds memory access, according to cybersecurity firm NSFocus, in an alert it sent about Chrome’s December update. “By convincing a user to visit a specially crafted Web site, a remote attacker could ultimately achieve arbitrary code execution or cause a denial of service on
It is important for users to stay vigilant and update their software regularly, as cyber attackers are always looking for new vulnerabilities to exploit. With the growing reliance on digital technologies, the risk of cyber-attacks has increased significantly, making it all the more important for individuals and organizations to take proactive measures to secure their systems and networks.
In addition to keeping software up-to-date, users should also follow other best practices for cybersecurity, such as using strong and unique passwords, enabling two-factor authentication, and avoiding suspicious links and attachments in emails or messages. It is also important to regularly back up important data to prevent data loss in the event of a cyber-attack or system failure.
As technology continues to advance and become more integrated into our daily lives, the threat of cyber attacks will remain a persistent challenge. However, by staying informed and taking proactive measures to secure our systems and networks, we can mitigate the risk and protect ourselves from potential harm.
