CVE-2023-5217: Chrome zero-day vulnerability exploited in attacks
In the ever-evolving world of internet security, a new threat has emerged, prompting Google to release emergency updates for its renowned browser, Chrome. Here’s everything you need to know about this vulnerability and how you can protect yourself.
Google recently revealed in a security advisory that a zero-day vulnerability, designated as CVE-2023-5217, is being actively exploited. In the realm of cyber threats, a “zero-day” refers to a vulnerability that is unknown to those who should be interested in its mitigation (such as the software vendor) until attackers begin actively exploiting it.
This particular vulnerability arises from a heap buffer overflow in the VP8 encoding in libvpx. To decode that for non-techies: think of it as a flaw that could allow hackers to make the software take actions it was never intended to take, potentially compromising the user’s system.
“Google is aware that an exploit for CVE-2023-5217 exists in the wild,” the tech giant wrote.
The credit for discovering this issue goes to Clément Lecigne from Google’s Threat Analysis Group, who detected and reported it on September 25, 2023.
Along with the zero-day vulnerability, Google also addressed two other high-severity vulnerabilities in this update:
1. CVE-2023-5186: A ‘Use after free in Passwords’ vulnerability. This was reported by an anonymous entity going by the name [pwn2car] on September 5, 2023.
2. CVE-2023-5187: A ‘Use after free in Extensions’ vulnerability. Thomas Orlita brought this issue to light on August 25, 2023.
Both vulnerabilities can potentially allow a hacker to gain unauthorized access to a user’s system, reinforcing the importance of this emergency update.
Users of Google Chrome are strongly advised to immediately update their browsers to version 117.0.5938.132 for Windows, Mac, and Linux systems, which patches the vulnerabilities mentioned above.
Furthermore, if you’re using Chromium-based browsers like Microsoft Edge, Brave, Opera, or Vivaldi, keep a close eye out for forthcoming updates and apply them as soon as they are available to ensure your online safety.
Checking for updates is a breeze:
1. Open your Chrome browser.
2. Navigate to the Chrome menu on the top right.
3. Click on ‘Help’ and then ‘About Google Chrome’.
4. The browser will automatically check for and install any available updates, requiring only a restart.
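For checking many machines at once rather than through the menu, the following added example (not part of the original article) classifies browser version strings against the fixed version 117.0.5938.132. The host names, the sample inventory, and the assumption that versions arrive in the "Google Chrome a.b.c.d" form printed by the browser's --version output are constructed for illustration.

```python
import re

# Fixed Google Chrome version named in the article (Windows, Mac, Linux).
PATCHED = (117, 0, 5938, 132)

# Matches a product name followed by a four-part version,
# e.g. "Google Chrome 117.0.5938.92".
_VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+(?:\.\d+){3})\b")


def classify(version_line):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = _VERSION_RE.match(version_line.strip())
    if not m:
        return "unknown"
    # Other Chromium-based browsers use their own version numbers, so the
    # Chrome threshold cannot be applied to them; check the vendor's advisory.
    if m.group("product") != "Google Chrome":
        return "unknown"
    version = tuple(int(p) for p in m.group("ver").split("."))
    # Tuple comparison is numeric per component, so 5938.92 < 5938.132
    # (a plain string comparison would get this wrong).
    return "patched" if version >= PATCHED else "vulnerable"


def audit(inventory):
    """Map host -> status for (host, version_line) pairs."""
    return {host: classify(line) for host, line in inventory}


# Constructed sample inventory (hosts and version strings are made up).
SAMPLE = [
    ("ws-01", "Google Chrome 117.0.5938.132"),
    ("ws-02", "Google Chrome 117.0.5938.92"),
    ("ws-03", "Google Chrome 116.0.5845.187"),
    ("ws-04", "Google Chrome 118.0.5993.70"),
    ("ws-05", "Microsoft Edge 117.0.2045.43"),
    ("ws-06", "command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check: either the version could not be read, or the browser is not Google Chrome and follows a different version scheme.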