Google released an update on Wednesday to fix a recently discovered security vulnerability in its Chrome browser. Known as CVE-2023-5217, this high-severity issue involves a heap-based buffer overflow in the VP8 compression format used by libvpx—a video codec library developed by Google and the Alliance for Open Media.
These buffer overflow vulnerabilities can lead to program crashes or allow attackers to execute code, potentially compromising the availability and integrity of the affected system. Google’s prompt response to this zero-day exploit showcases its commitment to user security and the ongoing efforts to keep its software safe. It is essential for Chrome users to update their browsers to mitigate the risk associated with this vulnerability. Stay informed and stay safe online!
Clément Lecigne of Google’s Threat Analysis Group (TAG) discovered and disclosed a flaw, CVE-2023-5217, in Google Chrome. This flaw has been exploited by a commercial spyware vendor to target high-risk individuals. Google is aware of the existence of an exploit “in the wild,” but no further details have been provided. This marks the fifth zero-day vulnerability found in Google Chrome this year, following CVE-2023-2033, CVE-2023-2136, CVE-2023-3079, and CVE-2023-4863. Patches have been released for all of these vulnerabilities.
Google has discovered a critical flaw in the libwebp image library, now identified as CVE-2023-5129, that hackers are actively exploiting. To protect yourself, make sure you upgrade to Chrome version 117.0.5938.132 on Windows, macOS, or Linux. If you use Microsoft Edge, Brave, Opera, or Vivaldi, keep an eye out for fixes as they are released. Stay safe!
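The upgrade advice above can be checked across a fleet. The following is an added example, not part of the original article: it compares reported browser versions against the fixed Chrome build 117.0.5938.132 named here. Hostnames, the sample inventory, and the non-Chrome version numbers are constructed for illustration.

```python
import re

# Fixed Chrome build named in the article (Windows, macOS, Linux).
FIXED_CHROME = (117, 0, 5938, 132)
# Browsers the article says to watch for vendor fixes; it gives no fixed
# versions for them, so they are flagged for manual follow-up.
VENDOR_PENDING = ("microsoft edge", "brave", "opera", "vivaldi")

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_line):
    """Classify one '<browser> --version' style line."""
    lowered = version_line.lower()
    version = parse_version(version_line)
    if version is None:
        return "unknown"
    if any(name in lowered for name in VENDOR_PENDING):
        return "check-vendor"
    if "chrome" in lowered:
        # Tuples compare numerically per component, so build 92 sorts
        # below build 132; a plain string comparison would get this wrong.
        return "patched" if version >= FIXED_CHROME else "needs-update"
    return "unknown"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in inventory}


# Constructed inventory: (hostname, version string reported by the browser).
SAMPLE = [
    ("ws-01", "Google Chrome 117.0.5938.132"),
    ("ws-02", "Google Chrome 117.0.5938.92"),
    ("ws-03", "Google Chrome 116.0.5845.187"),
    ("ws-04", "Google Chrome 118.0.5993.70"),
    ("ws-05", "Microsoft Edge 117.0.2045.47"),
    ("ws-06", "Brave Browser 117.1.58.137"),
    ("ws-07", "Google Chrome"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```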
Source: The Hacker News