The tech giant acknowledged that "an exploit for CVE-2023-2033 exists in the wild," but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 – four other actively abused type confusion flaws in V8 that were remediated by Google in 2022.

The hack, dubbed Originull, enables an attacker to access and view all of a user's private chats, photos and other attachments sent via Facebook Messenger.

"Type confusion in V8 in Google Chrome prior to 1.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the NIST's National Vulnerability Database (NVD).

Somewhat predictably, the zero-day hack is a 'Use-After-Free' exploit, and UAF attacks continue to be far and away the most prevalent and successful form of Chrome hack. Not only do UAF exploits.

Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.

In December of 2013, AdAge dropped a bomb on Facebook advertisers with this headline: [image]

Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine.

Google Chrome, Microsoft Edge and Brave have all released fixes to patch one very serious zero-day flaw that's actively being exploited by hackers.

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.