![]() ![]() Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available. Users are recommended to upgrade to Chrome version 1.132 for Windows, macOS, and Linux to mitigate potential threats. The development comes as Google assigned a new CVE identifier, CVE-2023-5129, to the critical flaw in the libwebp image library – originally tracked as CVE-2023-4863 – that has come under active exploitation in the wild, considering its broad attack surface. ![]() It’s also suspected that the Israeli spyware maker Cytrox may have exploited a recently patched Chrome vulnerability (CVE-2023-4762, CVSS score: 8.8) as a zero-day to deliver Predator, although very little information is currently available about the in-the-wild attacks. CVE-2023-4863 (CVSS score: 8.8) - Heap buffer overflow in WebP.CVE-2023-2136 (CVSS score: 9.6) - Integer overflow in Skia.The latest discovery brings to five the number of zero-day vulnerabilities in Google Chrome for which patches have been released this year. No additional details have been disclosed by the tech giant other than to acknowledge that it’s “aware that an exploit for CVE-2023-5217 exists in the wild.” Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).Įxploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting its availability and integrity.Ĭlément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals. ![]() Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |