
Active exploitation of Chrome Zero-day vulnerability addressed with patch – Update required immediately


Google has released Chrome version 117.0.5938.132 to fix a newly discovered zero-day vulnerability in its popular browser. The vulnerability, tracked as CVE-2023-5217, is being actively exploited in the wild, prompting Google to patch the issue urgently.

The vulnerability is a heap buffer overflow in the VP8 encoding functionality of the libvpx library. Clément Lecigne, a member of Google’s Threat Analysis Group, identified and reported the flaw on September 25, 2023. Heap buffer overflow vulnerabilities can be leveraged by malicious actors to cause software crashes or execute arbitrary code, compromising the program’s availability and integrity.

Including CVE-2023-5217, the latest Chrome update contains a total of ten security fixes, with three issues classified as having a high severity rating. One of these high-severity vulnerabilities, CVE-2023-5186, is a “Use after free in Passwords” flaw. This flaw poses a significant risk and was reported by [pwn2car]. Another high-severity vulnerability, CVE-2023-5187, is labeled “Use after free in Extensions”; it was reported by Thomas Orlita and has been assigned a $2000 reward.

To safeguard users, Google advises promptly updating to Chrome version 117.0.5938.132 on Windows, macOS, and Linux systems. Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to install the latest fixes as soon as they become available.

Updating Google Chrome is simple and can be done by following these steps:

1. Open Chrome on your computer.
2. Click on the menu icon located at the top right corner.
3. From the dropdown menu, select “Help” and then click on “About Google Chrome.”
4. In the newly opened tab, you will see the option to “Update Google Chrome.” If this button is missing, it means you are already using the latest version.
5. Click on “Relaunch” to complete the update process.
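
To confirm the update across many machines rather than one browser at a time, the following check compares reported versions against 117.0.5938.132. It is an added example, not code from Google or from the original article; the `host|product|version output` inventory format, the host names and the sample version strings are constructed assumptions.

```python
import re

FIXED = (117, 0, 5938, 132)  # fixed Chrome build named in the article

# Four-part version such as 117.0.5938.92, found anywhere in the reported text.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def classify(product, version_output):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unparsed'."""
    # Other Chromium-based browsers use their own version numbering, so their
    # builds cannot be compared against Chrome's fixed build.
    if product.strip().lower() not in ("chrome", "google chrome"):
        return "check-vendor"
    m = VERSION_RE.search(version_output)
    if not m:
        return "unparsed"
    # Compare as integer tuples: as strings, "92" would sort after "132".
    build = tuple(int(p) for p in m.groups())
    return "patched" if build >= FIXED else "vulnerable"

def audit(inventory_text):
    """Map each host to its status; lines are 'host|product|version output'."""
    results = {}
    for line in inventory_text.strip().splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed inventory rows
        host, product, version_output = parts
        results[host.strip()] = classify(product, version_output)
    return results

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = """
ws-01|Google Chrome|Google Chrome 117.0.5938.132
ws-02|Google Chrome|Google Chrome 117.0.5938.92
ws-03|Google Chrome|Google Chrome 116.0.5845.187
ws-04|Microsoft Edge|Microsoft Edge 117.0.2045.43
ws-05|Google Chrome|version unavailable
ws-06|Google Chrome|Google Chrome 118.0.5993.70
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `check-vendor` need to be checked against that browser vendor's own advisory, and `unparsed` hosts should be re-inventoried rather than assumed patched.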

Keeping software up to date is crucial for maintaining online security. Users are urged to apply the necessary updates promptly to protect themselves against potential risks. It is also recommended for users to utilize Patch Manager Plus, which allows for easy patching of over 850 third-party applications. By taking advantage of a free trial offered by Patch Manager Plus, users can ensure their systems are fully secure.

In conclusion, Google has acted swiftly to address a zero-day vulnerability in its Chrome browser. With the release of version 117.0.5938.132, users are urged to update their Chrome browsers as soon as possible. By staying proactive and promptly applying updates, users can help safeguard their systems and protect themselves from potential exploits.
