Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser.
Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).
Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting the program's availability and integrity.
Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals.
No further details have been disclosed by the tech giant other than to acknowledge that it is “aware that an exploit for CVE-2023-5217 exists in the wild.”
The latest discovery brings to five the number of zero-day vulnerabilities in Google Chrome for which patches have been released this year –
The development comes as Google assigned a new CVE identifier, CVE-2023-5129, to the critical flaw in the libwebp image library – originally tracked as CVE-2023-4863 – that has come under active exploitation in the wild, considering its broad attack surface.
Users are recommended to upgrade to Chrome version 117.0.5938.132 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Author: email@example.com (The Hacker News)
Date: 2023-09-27 23:13:00