{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-024.pdf"
    },
    "title": "Type confusion flaw in Google Chrome",
    "serial_number": "2023-024",
    "publish_date": "18-04-2023 11:30:00",
    "description": "Google has released out-of-band updates to address a vulnerability in its Chrome web browser, identified as CVE-2023-2033. The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Users of Google Chrome, as well as other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi, are strongly advised to update to the latest version to mitigate potential threats.",
    "url_title": "2023-024",
    "content_markdown": "--- \ntitle: 'Type confusion flaw in Google Chrome' \nversion: '1.0'\nnumber: '2023-024'\noriginal_date: 'April 17, 2023'\ndate: 'April 18, 2023'\n---\n\n_History:_\n\n* _18/04/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nGoogle has released out-of-band updates to address a vulnerability in its Chrome web browser, identified as `CVE-2023-2033`. The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Users of Google Chrome, as well as other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi, are strongly advised to update to the latest version to mitigate potential threats.\n\n# Technical Details\n\n`CVE-2023-2033` is a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome and other Chromium-based web browsers. Type confusion issues can lead to a crash of the application, or code execution when a user visits a specially crafted and malicious HTML page. This vulnerability shares similarities with `CVE-2022-1096`, `CVE-2022-1364`, `CVE-2022-3723`, and `CVE-2022-4262`, which were abused type confusion flaws in V8 that were patched by Google in 2022.\n\nAlthough Google acknowledged the existence of an exploit for `CVE-2023-2033` in the wild, the company has not provided further technical details or indicators of compromise (IoCs) to prevent additional exploitation by threat actors.\n\n# Affected Products\n\nThe following products are affected by `CVE-2023-2033`:\n\n- Google Chrome prior to version 112.0.5615.121\n- Chromium-based browsers such as Microsoft Edge, Brave and Opera that have not yet applied the relevant fixes\n\n# Recommendations\n\nTo mitigate the risks associated with `CVE-2023-2033`, users are advised to:\n\n- Update Google Chrome to version 112.0.5615.121 for Windows, macOS, and Linux.\n- Update other Chromium-based browsers as soon as fixes become available.\n\n# References\n\n[1] <https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html>\n\n[2] <https://nvd.nist.gov/vuln/detail/CVE-2023-2033>",
    "content_html": "<p><em>History:</em></p><ul><li><em>18/04/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Google has released out-of-band updates to address a vulnerability in its Chrome web browser, identified as <code>CVE-2023-2033</code>. The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Users of Google Chrome, as well as other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi, are strongly advised to update to the latest version to mitigate potential threats.</p><h2 id=\"technical-details\">Technical Details</h2><p><code>CVE-2023-2033</code> is a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome and other Chromium-based web browsers. Type confusion issues can lead to a crash of the application, or code execution when a user visits a specially crafted and malicious HTML page. This vulnerability shares similarities with <code>CVE-2022-1096</code>, <code>CVE-2022-1364</code>, <code>CVE-2022-3723</code>, and <code>CVE-2022-4262</code>, which were abused type confusion flaws in V8 that were patched by Google in 2022.</p><p>Although Google acknowledged the existence of an exploit for <code>CVE-2023-2033</code> in the wild, the company has not provided further technical details or indicators of compromise (IoCs) to prevent additional exploitation by threat actors.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following products are affected by <code>CVE-2023-2033</code>:</p><ul><li>Google Chrome prior to version 112.0.5615.121</li><li>Chromium-based browsers such as Microsoft Edge, Brave and Opera that have not yet applied the relevant fixes</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>To mitigate the risks associated with <code>CVE-2023-2033</code>, users are advised to:</p><ul><li>Update Google Chrome to version 112.0.5615.121 for Windows, macOS, and Linux.</li><li>Update other Chromium-based browsers as soon as fixes become available.</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html\">https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://nvd.nist.gov/vuln/detail/CVE-2023-2033\">https://nvd.nist.gov/vuln/detail/CVE-2023-2033</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}