CVE-2023-5186 – A use after free (UAF) vulnerability in Passwords.In this latest update, Google has also resolved two other high-severity flaws reported by researchers: As noted by his colleague Maddie Stone, the flaw is being used by a commercial surveillance vendor. The vulnerability has been reported by Clément Lecigne of Google’s Threat Analysis Group on September 25. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. Google noted that the exploit for CVE-2023-5217 exists in the wild, so users are recommended to update as soon as possible. The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx – a video codec library from Google and the Alliance for Open Media (AOMedia).ĬVE-2023-5217 has been fixed in Google Chrome 1.132 for Windows, Mac and Linux users. Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |