Security News > 2023 > September > Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
2023-09-28 03:13
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can
News URL
https://thehackernews.com/2023/09/update-chrome-now-google-releases-patch.html
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) (source)
- Firefox Update Patches Exploited Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-28 | CVE-2023-5217 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |