Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild.

The vulnerability is caused by a heap buffer overflow in VP8 encoding in libvpx – a video codec library from Google and the Alliance for Open Media (AOMedia).

CVE-2023-5217 has been fixed in Google Chrome 1.132 for Windows, Mac and Linux users. Google noted that an exploit for CVE-2023-5217 exists in the wild, so users are advised to update as soon as possible.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said.

The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on September 25. As noted by his colleague Maddie Stone, the flaw is being used by a commercial surveillance vendor.

In this latest update, Google has also resolved two other high-severity flaws reported by researchers:

- CVE-2023-5186 – A use after free (UAF) vulnerability in Passwords
- CVE-2023-5187 – A use after free (UAF) vulnerability in Extensions

Earlier this month, Apple patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) chained and exploited to deliver NSO Group’s Pegasus spyware to high-risk targets.

CVE-2023-41064 – a buffer overflow vulnerability in the ImageI/O framework – turned out to be effectively the same flaw as CVE-2023-4863 – a Chrome zero-day heap buffer overflow vulnerability in WebP, because the source of the vulnerability is the libwebp library both companies implemented.

Google first created a new CVE ID for the flaw in libwebp (CVE-2023-5129), but it was soon rejected or withdrawn for being a duplicate of CVE-2023-4863.

Mozilla has fixed CVE-2023-5217 in Firefox, Firefox ESR, Firefox for Android and Firefox Focus for Android.