{"id":20952,"date":"2023-04-18T08:44:25","date_gmt":"2023-04-18T12:44:25","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/chrome-vulnerability-april-2023\/20952\/"},"modified":"2023-04-18T17:58:50","modified_gmt":"2023-04-18T13:58:50","slug":"chrome-vulnerability-april-2023","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/chrome-vulnerability-april-2023\/20952\/","title":{"rendered":"And now it’s Chrome needs updating!"},"content":{"rendered":"

Another day \u2013 another browser vulnerability discovered! Indeed, the number of dangerous security holes has doubled within a week! Only recently we highlighted the urgent need to update<\/a> iOS and macOS due to a major bug in Apple WebKit (the engine inside Safari and other browsers in iOS). And now, due to a similar threat in terms of exploitability, you need to update other browsers too. This time the focus of attention is Google Chrome and related browsers (and not only browsers, but let\u2019s not get ahead of ourselves).<\/p>\n

Vulnerabilities in the V8 engine<\/h2>\n

\nThe vulnerability CVE-2023-2033<\/a> has been found in the V8 engine. This engine is used for processing JavaScript. It was found by the same researcher at Google\u2019s Threat Analysis Group (TAG) who had a hand in the discovery of the iOS and macOS vulnerabilities described in our previous post<\/a>.<\/p>\n

Since it\u2019s standard Google policy not to release details about a vulnerability until most users have updated their browsers, there are no specifics yet about this security hole. What we do know, however, is that an exploit for this vulnerability already exists<\/a>.<\/p>\n

For successful exploitation, attackers need to lure victims to a specially crafted malicious web page. That enables them to run arbitrary code on the target computer<\/a>. Like the previously found vulnerability in Safari WebKit, this hole facilitates zero-click attacks. In other words, cybercriminals can infect a device without any active actions on the user\u2019s part \u2014 just getting the victim to visit a dangerous site is enough.<\/p>\n

The vulnerability is known to exist at the very least in the desktop versions of all browsers based on Chromium<\/a>, which means not only Google Chrome itself, but also Microsoft Edge, Opera, Yandex Browser, Vivaldi, Brave, and many others. It likely affects Electron-based<\/a> applications, too. As we wrote<\/a> not so long ago, such programs are essentially web pages opened in the Chromium browser built into the application.<\/p>\n

How to protect yourself<\/h2>\n

\nTo neutralize the threat of CVE-2023-2033 on your computer, update all Chromium-based browsers installed on it right away. See our detailed post with an explanation of how to do this in Google Chrome<\/a>. But to cut to the chase:<\/p>\n