Google releases patch for actively exploited zero-day
Target Industry
Government entities, critical national infrastructure, high-risk/value individuals.
Overview
Google has released a patch which covers two security fixes under a single CVE [CVE-2023-2033]. The vulnerability is known to be under active exploitation in the wild. It is a type confusion flaw in V8, a JavaScript and WebAssembly engine written in C++. This component of the browser is multi-platform, meaning that the exploit may be effective on a variety of different operating systems and architectures. For now, Google is restricting access to information about the bug until the majority of potentially impacted systems have been updated. However, type confusion flaws often allow exploitation by reading or writing to memory, resulting in data access or arbitrary code execution.
Impact
The impact of a successful exploit has not been made public, to give users and developers sufficient time to patch their systems and/or update their own projects that may also be affected.
Vulnerability Detection
Within Chrome, navigate to Help > About Google Chrome. The latest version which includes this patch is 112.0.5615.121. It is not known which versions below this are impacted.
Affected Products
– Google Chrome
Containment, Mitigations & Remediations
There are no workarounds that address these vulnerabilities. As such, it is strongly recommended that users upgrade the affected products to version 112.0.5615.121.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available at this time.
Threat Landscape
Google Chrome holds a significant portion of the web browser market and is based on Chromium, an open-source browser that is also the foundation of other web browsers such as Microsoft Edge, Brave and Opera. Other browsers may therefore be susceptible to this exploit and may release updates themselves in the coming days. The discovery was made by the Google TAG team, which works to counter government-backed hacking and attacks against Google and users of its products and services.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Tactic:
TA0001 – Initial Access
Persistence:
T1176 – Browser Extensions
Execution:
T1059.007 – Command and Scripting Interpreter: JavaScript
Tactic:
TA0009 – Collection