The first such problem to be fixed since the year’s beginning, Google fixed an actively exploited zero-day vulnerability in its Chrome web browser on Friday by releasing out-of-band upgrades. The high severity vulnerability, tracked as CVE-2023-2033, has been identified as a type misunderstanding problem in the V8 JavaScript engine. On April 11, 2023, Clement Lecigne of Google’s Threat Analysis Group (TAG) is credited for reporting the problem.
“Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to the National Vulnerability Database (NVD) of NIST.