The vulnerability has a CVSS score of 8.8, classified as HIGH.
What is a type confusion vulnerability?
Attackers can exploit the vulnerability by using a specially crafted HTML page to trigger memory corruption (heap corruption).
The CVE-2023-2033 vulnerability affects Google Chrome browser users on all platforms, including Windows, Mac, and Linux systems. The vulnerability exists in Chrome versions prior to version 112.0.5615.121.
- To protect against this vulnerability, update your Google Chrome browser to the latest version (version 112.0.5615.137). You can do this by opening the Chrome menu, selecting Help, and selecting About Google Chrome. If an update is available, it will be installed automatically. Find more details here.
- Site isolation is another security feature in Google Chrome that can help prevent attackers from exploiting vulnerabilities like CVE-2023-2033. You can enable site isolation by going to chrome://flags/#enable-site-per-process in the Chrome address bar and enabling the feature.
The vulnerability affects all Chrome users on all platforms, and the exploit would be triggered using a specially crafted HTML page. Google has confirmed the existence of an exploit and advises an immediate update to the latest Chrome version to mitigate the risk.
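
An added example, not part of the original page: a fleet check that flags Chrome installs below the fixed build stated above (112.0.5615.121). The inventory lines and host names are constructed, and the input format (the text a browser version query prints) is an assumption.

```python
import re

# First fixed build according to the advisory text: anything lower is affected.
FIXED_VERSION = (112, 0, 5615, 121)

# Chrome versions have four numeric components: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the version in `text` as a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map one version string to 'affected', 'patched' or 'unknown'."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"  # no version reported: needs manual follow-up
    # Tuple comparison is numeric per component. Comparing the raw strings
    # would rank "112.0.5615.49" above "112.0.5615.121" and miss the host.
    return "affected" if version < FIXED_VERSION else "patched"


def audit(inventory):
    """Classify every (host, version_text) pair in an inventory."""
    return [(host, classify(text)) for host, text in inventory]


# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 112.0.5615.49"),
    ("ws-002", "Google Chrome 112.0.5615.121"),
    ("mac-003", "Google Chrome 111.0.5563.146"),
    ("lin-004", "Google Chrome 112.0.5615.137"),
    ("ws-005", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" returned no parsable version and should be checked by hand rather than assumed patched.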