Another Chrome security issue is exploited in the wild (and affecting all Chromium-based browsers)

By admin

Google released a security update for a security vulnerability in Google Chrome that is exploited in the wild. It is the fifth 0-day vulnerability in Google Chrome in 2023. Other Chromium-based browsers are also affected by the security issue.



Chrome users should install the update immediately to protect their browser from potential attacks. Selecting Menu > Help > About Google Chrome displays the installed version on desktop systems.

Chrome performs an update check whenever the page is opened to download and install any update. This happens automatically, but a restart is required to complete the update.

The browser should list the following version after the update: 117.0.5938.132 for all supported operating systems.


Chrome's 5th 0-day security vulnerability

The release notes provide little information on the vulnerability. It is identified as CVE-2023-5217 and has a severity rating of high. The heap buffer overflow issue in VP8 encoding in libvpx was reported by Clément Lecigne of Google's Threat Analysis Group on September 25, 2023. Google notes that the issue is exploited in the wild, but does not provide specifics.

Another member of Google's Threat Analysis Group revealed on Twitter that "a commercial surveillance vendor" was using the vulnerability. No specifics are provided, but it suggests that this vendor could use the vulnerability to install spyware on user devices. It is unclear at this point how the vulnerability is exploited and whether it requires an active action on part of the user or not.


Google patched two additional security issues in the Chrome release. Both are use after free vulnerabilities; one in passwords, the other in extensions. Both security issues are rated as high and have the assigned CVEs CVE-2023-5186 and CVE-2023-5187.

The security issues affect Google Chrome on Android as well. Google released an update for Chrome for Android, which brings the version to 117.0.5938.140 on the platform. Android offers no option to speed up the installation of the update, as it is centrally distributed via Google Play.

Other Chromium-based web browsers, such as Microsoft Edge, Brave, Opera or Vivaldi, are also affected by the vulnerabilities. Expect updates for these browsers, some may have been released already.
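An added example, not part of the original article: a fleet check against the fixed versions stated above (117.0.5938.132 on desktop, 117.0.5938.140 on Android). The inventory rows, host names and helper names are constructed for illustration; other Chromium-based browsers are reported as unknown because the article gives no fixed versions for them.

```python
import re

# Fixed versions as stated in the article. Other Chromium-based browsers are
# deliberately absent: the article gives no fixed versions for them.
FIXED = {"desktop": (117, 0, 5938, 132), "android": (117, 0, 5938, 140)}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part version from text such as `--version` output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())

def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory entry."""
    fixed = FIXED.get(platform)
    if fixed is None:
        return "unknown"  # product not covered by the article's version data
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable report: needs manual follow-up
    # Tuples compare numerically per component. Comparing the raw strings
    # would rank "117.0.5938.92" above "117.0.5938.132" ('9' > '1') and
    # wrongly report the older build as patched.
    return "patched" if installed >= fixed else "vulnerable"

def audit(rows):
    """Map each host to its status."""
    return {host: status(platform, text) for host, platform, text in rows}

# Constructed inventory rows: (host, platform, reported version string).
INVENTORY = [
    ("ws-01", "desktop", "Google Chrome 117.0.5938.132"),
    ("ws-02", "desktop", "Google Chrome 117.0.5938.92"),
    ("ws-03", "desktop", "Google Chrome 118.0.0.1"),
    ("ph-01", "android", "117.0.5938.132"),  # desktop build number, below the Android fix
    ("ws-04", "edge", "Microsoft Edge 117.0.0.0"),
    ("ws-05", "desktop", "version unavailable"),
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as vulnerable may already have downloaded the update; as the article notes, a browser restart is required to complete it.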

The security update is the second 0-day issue that Google fixed in September. It released another patch on September 12th that addressed a severe vulnerability in Chrome's handling of webp images.

Author: Martin Brinkmann

Publisher: Ghacks Technology News
