Google released a significant update for Chrome Desktop on Friday to address a zero-day vulnerability that has already been exploited.
This marks the first Chrome zero-day vulnerability exploited in attacks since the beginning of 2023, prompting Google to act swiftly and release an emergency update to resolve the issue.
In a Chrome release advisory, Google said that it “is aware that an exploit for CVE-2023-2033 exists in the wild.”
To address the CVE-2023-2033 vulnerability on Windows, Mac, and Linux systems, Chrome users are advised to upgrade to version 112.0.5615.121 as soon as possible.
This update can be accessed through the Chrome menu > Help > About Google Chrome, and it was immediately made available, as confirmed by BleepingComputer when checking for new updates.
Additionally, the web browser will automatically check for new updates and install them without requiring any user interaction after a restart.
It is recommended that users take advantage of this feature to ensure that their Chrome browser is always up to date with the latest security patches.
Google has not shared any further information about the vulnerability or the in-the-wild exploitation, including any indicators of compromise (IOCs) or targeted machines.
The company stated that access to bug details and links may be restricted until the majority of users have updated their systems with the fix.
Furthermore, Google stated that restrictions may be maintained if the bug exists in a third-party library that other projects depend on but have yet to address.
This approach is taken to prevent any potential attacks on unpatched systems and to encourage developers to update their software with the necessary fixes.
According to data tracked by SecurityWeek, there have been 20 documented in-the-wild zero-day compromises this year.
Of these, security vulnerabilities in code from Microsoft, Apple, and Google account for 12 zero-days in 2023.
This indicates a growing trend of attackers exploiting vulnerabilities in widely used software, making it crucial for users to keep their systems updated with the latest security patches.