TAG researchers, including Maddie Stone, have previously discovered and reported zero-day vulnerabilities that were exploited in targeted spyware attacks by government-sponsored threat actors and hacking groups. It was initially reported by Google Threat Analysis Group (TAG) security researcher Clément Lecigne. This flaw can result in app crashes and arbitrary code execution. The zero-day vulnerability, known as CVE-2023-5217, is a high-severity issue caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library. The vulnerability is addressed in Google Chrome 1.132 and is being rolled out worldwide to Windows, Mac, and Linux users in the Stable Desktop channel. In a security advisory, Google revealed that it is aware of an exploit for CVE-2023-5217 that exists in the wild. Google has released emergency security updates to patch the fifth Chrome zero-day vulnerability that has been exploited in attacks since the beginning of the year.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |