28 September 2023

Google addresses yet another Chrome zero-day



Google has released emergency security updates to fix a Chrome zero-day vulnerability exploited by hackers.

Tracked as CVE-2023-5217, the zero-day flaw is a heap-based buffer overflow caused by a boundary error when processing untrusted HTML content in VP8 encoding in libvpx. A remote attacker can exploit the vulnerability to achieve code execution on the system by tricking a user into visiting a malicious web page.

As usual, Google withheld technical details on the vulnerability, only saying that it “is aware that an exploit for CVE-2023-5217 exists in the wild.”

The bug was addressed in Google Chrome 117.0.5938.132, released worldwide to Windows, Mac, and Linux users in the Stable Desktop channel.

Earlier this month, the tech giant fixed another zero-day vulnerability in its Chrome browser.

Tracked as CVE-2023-4863, the flaw has been described as a WebP heap-based overflow issue that can lead to remote code execution.

