Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser.

Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).

The latest discovery brings to five the number of zero-day vulnerabilities in Google Chrome for which patches have been released this year –

It’s also suspected that the Israeli spyware maker Cytrox may have exploited a recently patched Chrome vulnerability (CVE-2023-4762, CVSS score: 8.8) as a zero-day to deliver Predator, although very little information is currently available about the in-the-wild attacks.


Mozilla on Thursday released Firefox updates to fix CVE-2023-5217, noting that “specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process.” The issue has been resolved in versions Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, and Firefox for Android 118.1.