Google releases patch for actively exploited zero-day

Target Industry

Government entities, critical national infrastructure, high-risk/value individuals.

Overview

Google has released a patch which covers two security fixes under a single CVE [CVE-2023-2033]. The vulnerability is known to be under active exploit in the wild. The vulnerability pertains to the type confusion within V8, a JavaScript and WebAssembly engine written in C++. This component of the browser is multi-platform, meaning that the exploit may be effective on a variety of different operating systems and architectures. For now, Google is restricting access to information about the bug until the majority of potentially impacted systems have been updated, however, type confusion flaws often allow exploitation by reading or writing to memory for data access or arbitrary code execution.

Impact

The impact of a successful exploit has not been made public until users and developers have had sufficient time to patch their systems and/or update their own projects that may also be affected.

Vulnerability Detection

Navigate within Chrome to Help > About Google Chrome. The latest version which encompasses this patch is 112.0.56.15.121. It is not known which versions below this are impacted.

Affected Products

– Google Chrome

Containment, Mitigations & Remediations

There are no workarounds that address these vulnerabilities. As such, it is strongly recommended that users upgrade the affected products to version 112.0.5615.121

 Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available at this time.

Threat Landscape

Google Chrome holds a significant portion of the web browser market and is based on Chromium, an open-source browser that is also the foundation of other web browsers such as Microsoft Edge and Brave Opera. This may mean that other browsers may be susceptible to this exploit and release updates themselves in the coming days. The discovery was made by the Google TAG team which works to counter government-backed hacking and attacks against Google and users of its products and services.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Tactic:
TA0001 – Initial Access

Persistence:
T1176– Browser Extensions

Execution:
T1059.007 – Command and Scripting Interpreter: JavaScript

Tactic:
TA0009 – Collection

Further Information

Bleeping Computer
NIST
Google Update Channel