Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Sep 28, 2023THNZero Day / Vulnerability

Google on Wednesday rolled out fixes to deal with a brand new actively exploited zero-day within the Chrome browser.

Tracked as CVE-2023-5217the high-severity vulnerability has been described as a heap-based buffer overflow within the VP8 compression format in libvpxa free software program video codec library from Google and the Alliance for Open Media (AOMedia).

Exploitation of such buffer overflow flaws may end up in program crashes or execution of arbitrary code, impacting its availability and integrity.

Clément Lecigne of Google’s Menace Evaluation Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (previously Twitter) that it has been abused by a business spy ware vendor to focus on high-risk people.

No extra particulars have been disclosed by the tech big apart from to acknowledge that it is “aware that an exploit for CVE-2023-5217 exists in the wild.”


The most recent discovery brings to 5 the variety of zero-day vulnerabilities to Google Chrome for which patches have been launched this yr –

The event comes as Google assigned a brand new CVE identifier, CVE-2023-5129to the essential flaw within the libwebp picture library – initially tracked as CVE-2023-4863 – that has come underneath lively exploitation within the wild, contemplating its broad assault floor.

Customers are really helpful to improve to Chrome model 117.0.5938.132 for Home windows, macOS, and Linux to mitigate potential threats. Customers of Chromium-based browsers akin to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and after they turn into out there.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.

Author: (The Hacker Information)
Date: 2023-09-27 23:13:00

Source link



Related articles

Alina A, Toronto
Alina A, Toronto
Alina A, an UofT graduate & Google Certified Cyber Security analyst, currently based in Toronto, Canada. She is passionate for Research and to write about Cyber-security related issues, trends and concerns in an emerging digital world.


Please enter your comment!
Please enter your name here