Google has announced the first zero-day exploit for 2023, which means Chrome users should update Chrome now to secure their computers from attack via the browser software. In this article, we’ll dive into what a zero-day attack means, how to update Chrome, and provide an explanation of this particular vulnerability. Let’s get started.

A zero-day attack is a newly discovered software vulnerability that developers have zero days to fix because it has been used by hackers. Google last Friday confirmed in a blog post the discovery of a zero-day vulnerability, dubbed CVE-2023-2033, that applies to Windows, Mac and Linux operating systems. The company also said that “an exploit for CVE-2023-2033 exists in the wild.”

“In the wild” or ITW is a term used to describe the scope and impact of malicious software (malware) created to take advantage of a “hole” in a software’s code. In-the-wild malware is active and can be found on devices belonging to everyday users.

When you see ITW, you know this is not a hypothetical threat found by security analysts. While ITW threats and potential threats both need to be patched, there is more urgency around an ITW exploit because it is already in use in contrast to a lab vulnerability.

Google itself has not offered details of the exploit, which is a standard operating procedure for the company. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said. But it did describe the vulnerability as a type confusion issue.

The National Vulnerability Database, run by the National Institute of Standards and Technology, posted a brief description of this type of issue, saying it allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and rated security severity as high. While brief, the description calls for an explanation for those who aren’t experts in cybersecurity.

When a security specialist says “exploit heap corruption,” it means that an attacker has found a way to manipulate the data stored in the heap in a way that was not intended by the program. This can cause the program to behave unexpectedly or even crash. The heap memory is part of a computer’s RAM (random access memory) reserved for dynamic memory allocation while the program is running. So in this case, if you visit a malicious webpage, code can be installed in your computer that would then cause problems from erratic behavior to capturing personal data.

Similar hacks were discovered a year ago. The well-known North Korean state-sponsored Lazarus Group launched an attack that involved impersonating Lockheed Martin. Fake job listings were posted and if the targets clicked on a listing, malware was injected into their computers. The goal was to steal both information and money.

Now that you understand why it’s important to update Chrome, let’s look at how to do it. Chrome checks for new updates regularly, and when an update is available, Chrome applies it automatically when you close and reopen the browser. Google releases updates for Chrome every three to four weeks unless there’s a critical security update like this one.

If you haven’t closed your browser recently, you will see a pending update. Look in the upper right corner of the Chrome window. Pending updates are color-coded: green for updates released less than two days ago, yellow for updates released around four days ago, and red for updates that were released at least a week ago.

At the time of this writing, I did not have a pending update notice and my version was not the latest to protect against this zero-day vulnerability. You should be on version 112.0.5615.121. To check, open the three-dot menu, click on “Help” at the bottom of the list and then open “About Google Chrome.” A new page will open and show your current version and the upgrade available. If you see “Update Google Chrome,” click on it. After updating, you should see: “Chrome is up to date” and “Version 112.0.5615.121 (Official Build) (arm64).”

Your browser window will automatically close and reopen. But don’t worry — Chrome saves your open windows and tabs and they’ll be restored with the relaunch.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

Newsletter