Google on Wednesday rolled out fixes to deal with a brand new actively exploited zero-day within the Chrome browser.
Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow within the VP8 compression format in libvpx, a free software program video codec library from Google and the Alliance for Open Media (AOMedia).
Exploitation of such buffer overflow flaws may end up in program crashes or execution of arbitrary code, impacting its availability and integrity.
Clément Lecigne of Google’s Risk Evaluation Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (previously Twitter) that it has been abused by a business spy ware vendor to focus on high-risk people.
No extra particulars have been disclosed by the tech large aside from to acknowledge that it is “conscious that an exploit for CVE-2023-5217 exists within the wild.”
The most recent discovery brings to 5 the variety of zero-day vulnerabilities to Google Chrome for which patches have been launched this 12 months –
The event comes as Google assigned a brand new CVE identifier, CVE-2023-5129, to the vital flaw within the libwebp picture library – initially tracked as CVE-2023-4863 – that has come underneath energetic exploitation within the wild, contemplating its broad assault floor.
Customers are really helpful to improve to Chrome model 117.0.5938.132 for Home windows, macOS, and Linux to mitigate potential threats. Customers of Chromium-based browsers resembling Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they develop into out there.
