Google on Wednesday rolled out fixes to address a new, actively exploited zero-day in the Chrome browser.
Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 encoding path of libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).
Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting the program's availability and integrity.
Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals.
No additional details have been disclosed by the tech giant other than to acknowledge that it is "aware that an exploit for CVE-2023-5217 exists in the wild."
The latest discovery brings to five the number of zero-day vulnerabilities in Google Chrome for which patches have been released this year –
The development comes as Google assigned a new CVE identifier, CVE-2023-5129, to the critical flaw in the libwebp image library – originally tracked as CVE-2023-4863 – that has come under active exploitation in the wild, given its broad attack surface.
Users are recommended to upgrade to Chrome version 117.0.5938.132 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.