Active Exploitation of Zero-Day Vulnerability in Google Chrome

Published on 29 Sep 2023

Google has released security updates to address a zero-day high-severity vulnerability (CVE-2023-5217) in Google Chrome. The vulnerability is reportedly being actively exploited.

Successful exploitation of the heap buffer overflow vulnerability in the VP8 encoding of the open-source libvpx video codec library could allow an attacker to perform denial-of-service (DoS) or arbitrary code execution.

Users of Chrome browsers are advised to update their browser to version 117.0.5938.132 immediately.

Users are also encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.

More information is available here:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html?m=1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217