Security News > 2023 > September > Google fixes fifth actively exploited Chrome zero-day of 2023
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today.
Today, Google TAG's Maddie Stone revealed that the CVE-2023-5217 zero-day vulnerability was exploited to install spyware.
With Citizen Lab researchers, Google TAG also disclosed on Friday that three zero-days patched by Apple last Thursday were used to install Cytrox's Predator spyware between May and September 2023.
Even though Google said today that the CVE-2023-5217 zero-day had been exploited in attacks, the company has yet to share more information regarding these incidents.
Google fixed another zero-day exploited in the wild two weeks ago, the fourth one since the start of the year.
Google fixes another Chrome zero-day bug exploited in attacks.
News URL
Related news
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)
- Google Chrome to use on-device AI to detect tech support scams (source)
- Google Chrome to block admin-level browser launches for better security (source)
- Google fixes high severity Chrome flaw with public exploit (source)
- Google Chrome's Built-in Manager Lets Users Update Breached Passwords with One Click (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-28 | CVE-2023-5217 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity webmproject microsoft mozilla fedoraproject debian apple google redhat CWE-787 | 8.8 |