Google on Wednesday rolled out fixes to tackle a new actively exploited zero-working day in the Chrome browser.
Tracked as CVE-2023-5217, the large-severity vulnerability has been explained as a heap-dependent buffer overflow in the VP8 compression format in libvpx, a free software package online video codec library from Google and the Alliance for Open Media (AOMedia).
Exploitation of these types of buffer overflow flaws can outcome in system crashes or execution of arbitrary code, impacting its availability and integrity.
Clément Lecigne of Google’s Risk Investigation Group (TAG) has been credited with identifying and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (previously Twitter) that it has been abused by a industrial spy ware vendor to focus on high-risk men and women.
No extra particulars have been disclosed by the tech big other than to admit that it can be “mindful that an exploit for CVE-2023-5217 exists in the wild.”
The most up-to-date discovery delivers to 5 the selection of zero-working day vulnerabilities to Google Chrome for which patches have been unveiled this year –
- CVE-2023-2033 (CVSS score: 8.8) – Kind confusion in V8
- CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
- CVE-2023-3079 (CVSS rating: 8.8) – Style confusion in V8
- CVE-2023-4863 (CVSS rating: 8.8) – Heap buffer overflow in WebP
The enhancement arrives as Google assigned a new CVE identifier, CVE-2023-5129, to the critical flaw in the libwebp graphic library – initially tracked as CVE-2023-4863 – that has arrive under energetic exploitation in the wild, taking into consideration its broad attack area.
End users are advised to up grade to Chrome version 117..5938.132 for Windows, macOS, and Linux to mitigate prospective threats. People of Chromium-primarily based browsers this sort of as Microsoft Edge, Brave, Opera, and Vivaldi are also suggested to apply the fixes as and when they grow to be obtainable.
Found this article fascinating? Abide by us on Twitter and LinkedIn to study much more special content we write-up.
Some parts of this article are sourced from:
thehackernews.com