However, it did not disclose if its own products such as Edge, Skype, and Teams were impacted in the wild.Your Chromebook automatically checks for and downloads updates when connected to Wi-Fi or Ethernet. Microsoft on October 2, 2023, said it released updates to remediate CVE-2023-4863 and CVE-2023-5217, acknowledging that exploits exist for both vulnerabilities. Mozilla on Thursday released Firefox updates to fix CVE-2023-5217, noting that "specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process." The issue has been resolved in versions Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, and Firefox for Android 118.1. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available. Users are recommended to upgrade to Chrome version 1.132 for Windows, macOS, and Linux to mitigate potential threats. The development comes as Google assigned a new CVE identifier, CVE-2023-5129, to the critical flaw in the libwebp image library – originally tracked as CVE-2023-4863 – that has come under active exploitation in the wild, considering its broad attack surface. It's also suspected that the Israeli spyware maker Cytrox may have exploited a recently patched Chrome vulnerability (CVE-2023-4762, CVSS score: 8.8) as a zero-day to deliver Predator, although very little information is currently available about the in-the-wild attacks.
CVE-2023-4863 (CVSS score: 8.8) - Heap buffer overflow in WebP.CVE-2023-2136 (CVSS score: 9.6) - Integer overflow in Skia.The latest discovery brings to five the number of zero-day vulnerabilities in Google Chrome for which patches have been released this year.
0 kommentar(er)
