Breaking News: Google's Fifth Chrome Zero-Day Vulnerability Patched!

In response to an actively exploited zero-day vulnerability, Google has released emergency security updates for its #Chrome web browser.

This marks the fifth zero-day #vulnerability discovered and patched by Google in 2023, emphasizing the company's commitment to user security.

The vulnerability, known as CVE-2023-5217, is considered high-severity and results from a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library.

Google reclassifies security #vulnerability with a new #severity rating of 10/10.

A new CVE ID (CVE-2023-5129) is assigned to the libwebp flaw initially labeled as a Chrome weakness (CVE-2023-4863).

Background: The vulnerability was first jointly reported by Apple Security Engineering and Architecture (SEAR) and Citizen Lab at The University of Toronto's Munk School on September 6. However, upon further investigation, it has now been assigned a different CVE, a change that has a great impact.

Technical Details: CVE-2023-5129 has gained official recognition as a severe problem within #libwebp, bearing a top-level severity rating of 10/10. This pertains to a heap buffer overflow within WebP, affecting Chrome versions preceding 1.187. Attackers can use malicious HTML pages to perform memory writes beyond the allocated bounds.

The Impact: Such exploits can lead to crashes, arbitrary code execution, and unauthorized access to sensitive data.

Wider Implications: The reclassification highlights the potential risk for projects using libwebp, including 1Password, Safari, Signal, Firefox, Edge, Opera, and Android browsers.

Urgent Action Required: The recently updated critical assessment underscores the pressing need for swift patch application across these platforms to ensure the security of user data.