Google has released emergency security updates to fix a Chrome zero-day vulnerability exploited by hackers.
Tracked as CVE-2023-5217, the zero-day flaw is a heap-based buffer overflow caused by a boundary error when processing untrusted HTML content in VP8 encoding in libvpx. A remote attacker can exploit the vulnerability to achieve code execution on the system by tricking a user into visiting a malicious web page.
As usual, Google withheld technical details on the vulnerability, only saying that it “is aware that an exploit for CVE-2023-5217 exists in the wild.”
The bug was addressed in Google Chrome 117.0.5938.132, released worldwide to Windows, Mac, and Linux users in the Stable Desktop channel.
Earlier this month, the tech giant fixed another zero-day vulnerability in its Chrome browser.
Tracked as CVE-2023-4863, the flaw has been described as a WebP heap-based overflow issue that can lead to remote code execution.