Google on Wednesday rolled out fixes to handle a new actively exploited zero-working day in the Chrome browser.
Tracked as CVE-2023-5217, the significant-severity vulnerability has been explained as a heap-primarily based buffer overflow in the VP8 compression structure in libvpx, a free software video clip codec library from Google and the Alliance for Open up Media (AOMedia).
Exploitation of this kind of buffer overflow flaws can end result in program crashes or execution of arbitrary code, impacting its availability and integrity.
Clément Lecigne of Google’s Threat Evaluation Group (TAG) has been credited with identifying and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (formerly Twitter) that it has been abused by a professional spy ware seller to focus on large-risk persons.
No additional information have been disclosed by the tech big other than to acknowledge that it can be “knowledgeable that an exploit for CVE-2023-5217 exists in the wild.”
The hottest discovery provides to five the range of zero-day vulnerabilities to Google Chrome for which patches have been released this year –
- CVE-2023-2033 (CVSS score: 8.8) – Form confusion in V8
- CVE-2023-2136 (CVSS rating: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS rating: 8.8) – Form confusion in V8
- CVE-2023-4863 (CVSS rating: 8.8) – Heap buffer overflow in WebP
The improvement arrives as Google assigned a new CVE identifier, CVE-2023-5129, to the critical flaw in the libwebp graphic library – initially tracked as CVE-2023-4863 – that has arrive under active exploitation in the wild, considering its wide attack surface.
People are recommended to up grade to Chrome version 117..5938.132 for Windows, macOS, and Linux to mitigate potential threats. Customers of Chromium-based mostly browsers these types of as Microsoft Edge, Brave, Opera, and Vivaldi are also suggested to use the fixes as and when they come to be readily available.
Found this write-up interesting? Abide by us on Twitter and LinkedIn to study much more exceptional material we write-up.
Some areas of this article are sourced from: