CVE-2023-5187: Use after free in extensions.CVE-2023-5186: Use after free in password function.CVE-2023-5217: VP8 encoding buffer overflow in libvpx library.CVE numbers have been published in the following three cases, all of which have been rated as "High". This release is a security update that fixes 10 vulnerabilities. It was initially reported by Google Threat Analysis Group (TAG) security researcher Clément Lecigne. This flaw can result in app crashes and arbitrary code execution. The zero-day vulnerability, known as CVE-2023-5217, is a high-severity issue caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library. The vulnerability is addressed in Google Chrome 1.132 and is being rolled out worldwide to Windows, Mac, and Linux users in the Stable Desktop channel. In a security advisory, Google revealed that it is aware of an exploit for CVE-2023-5217 that exists in the wild. Google has released emergency security updates to patch the fifth Chrome zero-day vulnerability that has been exploited in attacks since the beginning of the year. Actively Exploited Libvpx Flaw Affects both Firefox and Chrome Browsers - Cyber Kendra
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |