28 September 2023

Google addresses yet another Chrome zero-day



Google has released emergency security updates to fix a Chrome zero-day vulnerability exploited by hackers.

Tracked as CVE-2023-5217, the zero-day flaw is a heap-based buffer overflow issue, which exists due to a boundary error when processing untrusted HTML content in vp8 encoding in libvpx. The vulnerability can be exploited by a remote attacker to achieve code execution on the system by tricking a user into visiting a malicious web page.

As usual, Google withheld technical details on the vulnerability, only saying that it “is aware that an exploit for CVE-2023-5217 exists in the wild.”

The bug was addressed in Google Chrome 117.0.5938.132, released worldwide to Windows, Mac, and Linux users in the Stable Desktop channel.

Earlier this month, the tech giant fixed another zero-day vulnerability in its Chrome browser.

Tracked as CVE-2023-4863, the flaw has been described as a WebP heap-based overflow issue that can lead to remote code execution.

