Google has released an emergency update for the Chrome web browser. The update fixes two vulnerabilities, one of which is a zero-day that is already being attacked in the wild. Users should therefore quickly check whether they are already using the current version.
Google Chrome: exploited zero-day vulnerability
In the release notes for the new browser version, the developers write that it fixes two security vulnerabilities. Attackers can use maliciously crafted HTML pages to corrupt memory on the heap and use this to inject and execute malicious code. The bug is in the V8 JavaScript engine and is a type confusion, in which the data types in use do not match (CVE-2023-2033, no CVSS rating yet).
Check the current version in use
The fixed versions are 112.0.5615.100/.101 for Android and 112.0.5615.121 for Linux, macOS and Windows. Google will distribute these via automatic updates.
To check whether the version installed on the computer is already up to date, click the Chrome menu (the icon with three vertically stacked dots to the right of the address bar) and go from there to Help, then About Google Chrome.
The dialog shows the version currently in use, starts downloading and installing the update if necessary, and then prompts you to restart your browser.
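To check many machines rather than one, the same comparison against the fixed builds can be scripted. The following Python code is an added example, not from Google or the original article; the inventory format, host names and sample version strings are constructed assumptions.

```python
import re

# Fixed builds named in the article, per platform.
FIXED = {
    "android": (112, 0, 5615, 100),
    "linux": (112, 0, 5615, 121),
    "macos": (112, 0, 5615, 121),
    "windows": (112, 0, 5615, 121),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 112.0.5615.49'.
    Returns a tuple of ints, or None if no version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(platform, version_text):
    """True if below the fixed build, False if at or above it,
    None if the platform or version cannot be determined."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank '...5615.99' above '...5615.121'.
    return version < fixed


def audit(inventory):
    """inventory: iterable of (host, platform, version_text) rows."""
    report = {"outdated": [], "patched": [], "unknown": []}
    for host, platform, version_text in inventory:
        result = needs_update(platform, version_text)
        key = "unknown" if result is None else ("outdated" if result else "patched")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 112.0.5615.121"),
    ("ws-02", "windows", "Google Chrome 112.0.5615.99"),
    ("mac-01", "macos", "Google Chrome 111.0.5563.146"),
    ("phone-01", "android", "112.0.5615.100"),
    ("kiosk-01", "linux", "version string missing"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check, since a missing version string says nothing about whether the update has been installed.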
Just last week, Google moved up to Chrome 112.