![]() ![]() In the past, Google has also addressed other zero-day vulnerabilities, including CVE-2023-4863, (re-addressed CVE-2023-5129) which was exploited in the wild. This proactive approach allows users to update their browsers as a preemptive measure against potential attacks. The company may restrict access to bug details and links until a majority of users have been updated with the fix. While Google has confirmed that the vulnerability has been exploited in attacks, it has not provided further details about these incidents. In this case, the CVE-2023-5217 vulnerability was also exploited to install spyware. TAG researchers, including Maddie Stone, have previously discovered and reported zero-day vulnerabilities that were exploited in targeted spyware attacks by government-sponsored threat actors and hacking groups. The security vulnerability is addressed in Google Chrome 1.132, rolling out worldwide to Windows, Mac, and Linux users in the Stable Desktop channel.Īlso read: WebP 0day - Google Assign New CVE for libwebp Vulnerability - Cyber Kendra ![]() CVE-2023-5187: Use after free in extensions.CVE-2023-5186: Use after free in password function.CVE-2023-5217: VP8 encoding buffer overflow in libvpx library.CVE numbers have been published in the following three cases, all of which have been rated as "High". This release is a security update that fixes 10 vulnerabilities. ![]() It was initially reported by Google Threat Analysis Group (TAG) security researcher Clément Lecigne. This flaw can result in app crashes and arbitrary code execution. The zero-day vulnerability, known as CVE-2023-5217, is a high-severity issue caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library. The vulnerability is addressed in Google Chrome 1.132 and is being rolled out worldwide to Windows, Mac, and Linux users in the Stable Desktop channel. In a security advisory, Google revealed that it is aware of an exploit for CVE-2023-5217 that exists in the wild. Google has released emergency security updates to patch the fifth Chrome zero-day vulnerability that has been exploited in attacks since the beginning of the year. Actively Exploited Libvpx Flaw Affects both Firefox and Chrome Browsers - Cyber Kendra ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |