Active Exploitation of Zero-day Vulnerability in Google Chrome

Published on 13 Sep 2023

Google has released security updates to address a critical zero-day vulnerability (CVE-2023-4863) in the WebP code library (libwebp). The vulnerability is reportedly being actively exploited.

Successful exploitation of the heap buffer overflow vulnerability could allow a remote attacker to perform denial-of-service (DoS) or arbitrary code execution via a crafted HTML page.

Users of Chrome browsers are advised to update their browser to version 116.0.5845.187 for Mac and Linux and version 116.0.5845.187/.188 for Windows immediately.

Users are also encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.
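For administrators who need to confirm the update across several machines, the following added example (not part of the original advisory) flags hosts whose reported Chrome build is older than the fixed version. It assumes 116.0.5845.187 is the minimum fixed build on every platform; the inventory, host names and function names are constructed for illustration.

```python
import re

# Minimum fixed build taken from the advisory text; applying it to all
# desktop platforms is this example's assumption.
FIXED = (116, 0, 5845, 187)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(version_text, fixed=FIXED):
    """True if the reported version is older than the fixed build.
    Unparseable input is also flagged so the host gets a manual check."""
    v = parse_version(version_text)
    return v is None or v < fixed


def audit(inventory):
    """Return the sorted host names whose Chrome build still needs the update."""
    return sorted(h for h, text in inventory.items() if needs_update(text))


# Constructed sample inventory (host -> reported version string).
SAMPLE = {
    "mac-01": "Google Chrome 116.0.5845.187",
    # Older build: compared as numbers 96 < 187, although "96" > "187" as text.
    "lin-02": "Google Chrome 116.0.5845.96",
    "win-03": "Google Chrome 116.0.5845.188",
    "win-04": "Google Chrome 115.0.5790.171",
    "lin-05": "chrome: command not found",
    "mac-06": "Google Chrome 117.0.5938.62",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: update required ({SAMPLE[host]})")
```

Comparing the version components as integers matters here: a plain string comparison would rank build .96 above .187 and miss a vulnerable host.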

More information is available here:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863

https://digital.nhs.uk/cyber-alerts/2023/cc-4376