Google has rushed to patch another Chrome zero-day vulnerability exploited by a commercial spyware vendor.
The web giant announced on Tuesday that the stable channel of Chrome for Windows, macOS and Linux has been updated to version 117.0.5938.132.
The latest update patches 10 vulnerabilities, three of which were highlighted by the company in its advisory.
The most important vulnerability, tracked as CVE-2023-5217, has been described as a “heap buffer overflow in vp8 encoding in libvpx”. The issue was reported to the Chrome team by Clement Lecigne of Google’s Threat Analysis Group (TAG) just two days before the patch was released.
Google warned that CVE-2023-5217 has been exploited in the wild.
While the advisory does not provide any information on the attacks exploiting the zero-day, Google TAG researcher Maddie Stone revealed that it has been leveraged by a commercial surveillance vendor.
The news comes shortly after Google TAG and the University of Toronto’s Citizen Lab group released details on an operation whose goal was to deliver a piece of spyware known as Predator to an opposition politician in Egypt.
An analysis showed that the threat actor used various zero-days and man-in-the-middle (MitM) attacks to deliver spyware to both Android and iOS devices.
CVE-2023-5217 is the sixth Chrome zero-day patched by Google in 2023, after CVE-2023-4762, CVE-2023-4863, CVE-2023-3079, CVE-2023-2033, and CVE-2023-2136.
The latest Chrome update also patches CVE-2023-5186 and CVE-2023-5187, two high-severity use-after-free bugs in the Passwords and Extensions components.