In a security advisory, Google confirmed the discovery of a zero-day vulnerability currently being exploited in the wild. This exploit could affect any of its more than 3 billion Windows, Mac, and Linux users, and immediate action is recommended to mitigate exposure.
What Is CVE-2023-2033?
CVE-2023-2033 is a remote code execution vulnerability in Google Chrome that impacts versions prior to 112.0.5615.121. It can be triggered by visiting a malicious website.
Google has released an emergency, out-of-band update to address this actively exploited zero-day vulnerability. The most up-to-date patch should be applied as soon as possible. ThreatLocker recommends discontinuing the use of Chrome until admins can ensure that all users have Google Chrome version 112.0.5615.121 installed.
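One way to check a fleet against the fixed version named above, as an added example that is not ThreatLocker or Google code. The host names and version strings in the inventory are constructed, and the `Google Chrome <version>` text format is an assumption about how versions were collected.

```python
import re

# First fixed version, as stated in the advisory text above.
FIXED = (112, 0, 5615, 121)

# Chrome versions have four numeric components: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from free text; return None if absent."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(reported):
    """Compare component by component as integers, never as strings:
    as text, '112.0.5615.49' sorts after '112.0.5615.121'."""
    version = parse_version(reported)
    if version is None:
        return "unknown"  # no usable data: treat as not confirmed patched
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Group host names by patch status."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in inventory.items():
        result[classify(reported)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and collected strings).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 112.0.5615.121",
    "ws-002": "Google Chrome 112.0.5615.49",
    "mac-014": "Google Chrome 111.0.5563.146",
    "lnx-007": "Google Chrome 113.0.5672.63 ",
    "ws-099": "",  # collection agent returned nothing
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {sorted(hosts)}")
```

Hosts in the `unknown` group need follow-up as well as those in `vulnerable`, since a missing version string does not show that the update was applied.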
Changes to the ThreatLocker Default Google Chrome Policy
ThreatLocker's default policy for Google Chrome has always included Ringfencing to prevent Chrome from interacting with PowerShell, RegSvr32, CScript, Command Prompt, and the Forfiles command. ThreatLocker has now added Ringfencing to the default Chrome policy to prevent Chrome from accessing the Desktop, Documents, and external drives. Organizations currently using the default policy for Chrome will automatically receive these changes. Because Chrome is blocked from reading or writing files in the Desktop and Documents directories and on external storage locations, if Chrome were successfully compromised and used to install ransomware, it would be unable to encrypt the files located inside the blocked directories.
For more information regarding the CVE-2023-2033 patch, please see: NVD - CVE-2023-2033 (nist.gov)