⚡ TL;DR | Go Straight to the Google Chrome 112 Vulnerability Audit Report
Google has released a security update for Chrome 112 for Windows, Linux, and Mac to fix a high-severity zero-day vulnerability. The type confusion vulnerability has already been actively exploited in the wild. Successful exploitation of this flaw could lead to memory corruption. This can in turn lead to unexpected program behavior or browser crashes. We have added a new report to your Lansweeper installation to help you find potentially vulnerable installs of Google Chrome.
CVE-2023-2033
The zero-day vulnerability tracked as CVE-2023-2033 is a type confusion in V8 in Google Chrome prior to 112.0.5615.121. It would allow an attacker to exploit heap corruption via a crafted HTML page, according to NIST. The vulnerability has a high severity rating and there are already reports of it being actively exploited in the wild. When successfully exploited the issue can lead to memory corruption and subsequently browser crashes by reading or writing memory out of buffer bounds.
Update Vulnerable Google Chrome Installations
Google is not releasing any further details about the vulnerability in Chrome 112 yet, to prevent further exploitation of the vulnerability until users have had a chance to update to the fixed version of Chrome. Make sure to update all Google Chrome installations on Windows, Linux, and Mac to version 112.0.5615.121. You can find more information about the security update on Google’s release page. If you are using any other Chromium-based browsers, you should also apply any fixes to those, as soon as they become available.
Discover Vulnerable Chrome Installs
To help you locate any vulnerable Google Chrome installations, our team has created a special report. It will provide you with a list of all computers in your network that are not running the latest version of Chrome 112 yet. This way you can easily see which installs are still at risk and you can update them accordingly. You can get to the report via the link below.
