Recently, Google uncovered the first Zero Day exploit in Chrome for this year. This has put three billion users worldwide at risk. In a blog post, Google urges users to update their Chrome browser immediately since the vulnerability affects Chrome on Windows, Mac, and Linux. The company also acknowledged that an exploit is present in the wild. The vulnerability, CVE-2023-2033, results from a “Type Confusion in V8.” An incompatible method is used to access a previously allocated or initialized resource, thereby allowing unauthorized access to the browser’s memory.
The vulnerability was discovered by Google’s Threat Analysis Group, but unfortunately, they were unable to create a patch before the first Chrome exploits emerged. Fortunately, Google has now developed a patch, and users are required to update Chrome immediately to receive it. To update Chrome, users should click on the overflow menu bar (three vertical dots) in the top right corner of the browser and select Help > About Google Chrome. This will prompt Chrome to check for browser updates. Once the update is complete, the browser must be restarted to ensure complete protection.
Google has made significant progress in patching Chrome vulnerabilities this year, and it’s worth noting that the first Zero-Day exploit only occurred in April. This is remarkable when compared to the 15 Zero Day exploits that Chrome had in 2021 and the nine in 2022. This progress is evince of Google’s dedication to improving Chrome’s security.
Given Chrome’s market dominance, it is an appealing target for cyber attackers. In March 2022, Google warned users to anticipate a rise in the number of Zero Day attacks. Despite this, the progress made by the company in enhancing Chrome’s security is impressive as it has significantly reduced the number of attacks.
One of the reasons for Google’s success in reducing the number of Chrome attacks is its effective reporting system and high payout of bounties for vulnerabilities. Google’s bug bounty program provides an incentive for security researchers to sell their discoveries to the company rather than cyber attackers. In 2022, Google paid out over $12 million in bug bounties, with a record bounty of $605,000 for a critical exploit.
