Google has released an unscheduled security update for the Chrome browser to address a zero-day vulnerability, CVE-2023-2033, which was already under attack. The type confusion issue in the V8 JavaScript engine was discovered by Google Threat Analysis Group (TAG) on April 11, 2023. Chrome users are urged to update their browser to version 112.0.5615.121 as soon as possible to fix the vulnerability on Windows, Mac and Linux. Google warned that an exploit for CVE-2023-2033 already exists and is being used by attackers, but did not provide additional technical details or indicators of compromise.
