Google Releases Security Update for Chrome
Summary
The security update addresses three high severity vulnerabilities, one of which is actively exploited in the wild.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Google has released a security update to address three high severity vulnerabilities.
Vulnerability details
- CVE-2023-5217 - CWE-122 - Heap-based Buffer Overflow
This is a heap buffer overflow vulnerability in VP8 encoding in libvpx. A CVSS v3 base score of 8.8 has been calculated.
- CVE-2023-5186 - CWE-416 - Use After Free
This is a use-after-free vulnerability in Passwords. A CVSS v3 base score of 9.8 has been calculated.
- CVE-2023-5187 - CWE-416 - Use After Free
This is a use-after-free vulnerability in Extensions. A CVSS v3 base score of 9.8 has been calculated.
Exploitation of CVE-2023-5217
Google is aware that an exploit for CVE-2023-5217 exists in the wild.
Remediation advice
Affected organisations are encouraged to review the Chrome Release and update to the latest release.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 28 September 2023 4:35 pm