Google Nun Spies Penetrate New Chrome Hole

Google has been actively combating security threats related to the Chrome browser in recent months. In response to the discovery of the fifth 0Day-vulnerability this year, an urgent update has been released to address these vulnerabilities.

According to the company, the latest update for Google Chrome version 117.0.5938.132 for Windows, Mac, and Linux has fixed the CVE-2023-5217 vulnerability, which is actively being exploited in real-world conditions. The update includes an automatic version check and installation feature to ensure all users receive the necessary updates.

CVE-2023-5217 is classified as a highly dangerous vulnerability that is associated with a buffer overflow in the Libvpx video codec from Google and the Alliance for Open Media (AOM). This flaw can potentially allow for the execution of arbitrary code and has been used to install spy software. The vulnerability was discovered by a security researcher from the Google Tag threat analysis group on September 25.

While Google has confirmed that the CVE-2023-5217 vulnerability has been exploited, the company has not provided specific details about the incidents. In an effort to prevent future attacks, Google has restricted access to the error details and related links until the majority of users update their browsers. This precautionary measure aims to minimize the risk of future attacks, especially as more technical information about the vulnerability becomes available.

It is worth noting that Google recently fixed another zero-day vulnerability, CVE-2023-4863, just two weeks ago. This marked the fourth such case this year. Initially attributed to Chrome errors, the vulnerability was reclassified as a critical security threat in the Libwebp library. Many projects, including Signal, 1password, Mozilla Firefox, Microsoft Edge, Apple’s Safari, and the built-in Android web browser, rely on this library.

/Reports, release notes, official announcements.