If you’re one of the 3 billion(!) users of Google Chrome, you need to update your browser immediately to address an identified Zero Day vulnerability.

As discussed by Forbes, Google confirmed in a new blog post the discovery of the Zero Day vulnerability and it impacts Chrome on Windows, Mac and Linux. Google also confirmed it is aware that an exploit exists in the wild.

The vulnerability, CVE-2023-2033, stems from a “Type Confusion in V8.” This occurs when a program uses one method to allocate or initialize a resource, but an incompatible method then accesses that resource, potentially providing unsecured access to the browser’s memory.

The vulnerability was discovered by Google’s Threat Analysis Group, but a patch couldn’t be created before the first exploits of Chrome began.

The good news is Google now has a patch, and you need to update Chrome immediately to get it. The article says “To do this, click the overflow menu bar (three vertical dots) in the browser’s top right corner, then Help > About Google Chrome. This will force Chrome to check for browser updates.” In my case, the three vertical dots showed the word “Update” next to it, so I was simply able to click that and select the menu option to apply the update.

Either way, once the update is complete, you must restart the browser to be fully protected.

The article notes that Google is doing “an incredible job” of reducing the instances of a Zero Day vulnerability or exploit. Chrome had 15 Zero Day exploits in 2021, nine in 2022 and this is the first of 2023! The article cites Google’s robust reporting system and payment of high bounties for vulnerabilities (Google paid over $12M in bug bounties in 2022, including a single record bounty of $605,000 for one critical exploit).

Makes me want to go bounty hunting! 😉

So, what do you think? Were you aware of this Google Zero Day vulnerability? You are now! Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.