In December, Google released an update for Chrome after a different type confusion vulnerability in V8 was identified.Ī type confusion error occurs when a program uses one type of method to allocate or initialize a resource but uses another method to access that resource, leading to an out-of-bounds memory access, according to cybersecurity firm NSFocus, in an alert it sent about Chrome’s December update. This is the first zero-day vulnerability reported in Chrome this year. In addition to fixing CVE-2023-2033, the Chrome update also fixes a variety of issues detected during internal audits and other initiatives, the company said.
Clement Lecigne of Google’s Threat Analysis Group identified the vulnerability and reported the issue on April 11.