Exploitation of CVE-2023-4863 in Google Chrome

Google releases a security update to address a zero-day vulnerability in Google Chrome


Threat details

Introduction

Google has released a security update to address a critical-severity zero-day vulnerability in Google Chrome for Windows, macOS, and Linux. This vulnerability, known as CVE-2023-4863, is caused by a heap buffer overflow in WebP. A remote attacker could exploit this vulnerability to create a denial-of-service (DoS) condition or perform arbitrary code execution on an affected system.

Exploitation of CVE-2023-4863

Google is aware that an exploit for CVE-2023-4863 exists in the wild, and a proof-of-concept has been publicly released. Exploitation is more likely.


Threat updates

Date         Update
22 Sep 2023  A proof-of-concept has been publicly released

This cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are encouraged to review the Chrome Release and apply the necessary updates to the latest release.



Last edited: 22 September 2023 2:43 pm