Another Chrome Zero-Day Under Attack Received A Fix

Heads up, Chrome users! Google has just released a major security update for its Chrome browser as it patched an actively exploited zero-day. All Chrome desktop users must rush to update their systems to avoid potential threats.

Google Patched Actively Exploited Chrome Zero-Day Flaw

According to the recent release update, Google has rolled out a major update for Chrome for Desktop that patches several vulnerabilities. The update is crucial for Chrome users because it fixes a Chrome zero-day flaw that is actively exploited in the wild.

As stated, the update includes ten security fixes addressing issues across various browser components. External researchers found three of these ten vulnerabilities and reported them to Google for patching, whereas Google’s internal security team found the remaining seven.

The release update for Chrome 117.0.5938.132 for Windows, Mac, and Linux lists the following three vulnerabilities reported by external researchers.

  • CVE-2023-5217: a high-severity heap buffer overflow in VP8 encoding in libvpx. This vulnerability gained attention when Google’s Threat Analysis Group (TAG) and The Citizen Lab discovered active exploitation of this flaw, alongside iOS vulnerabilities, to install the Predator spyware. Apple also patched the respective iOS zero-days with the recently released iOS 17.0.1.
  • CVE-2023-5186: another high-severity vulnerability, reported by a researcher with the alias “pwn2car.” Google described this vulnerability as a use-after-free affecting Passwords. The tech giant is yet to decide the bug bounty for this report.
  • CVE-2023-5187: a high-severity use-after-free vulnerability in Chrome Extensions, reported by the researcher Thomas Orlita. The firm awarded the researcher a $2000 bounty for this bug report.

Continuing its practice of withholding the technical details of vulnerabilities until most users have patched their devices, Google hasn’t shared further details about these flaws. Nonetheless, it has rolled out the Chrome 117.0.5938.132 update so that users can avoid the risks.

The present update simply adds to the growing list of Chrome vulnerabilities patched this year.

Let us know your thoughts in the comments.
