Google fixes a new zero-day vulnerability exploited by a spyware vendor
An urgent patch has been released to protect users from espionage activity via a zero-day vulnerability in Chrome
Google has rushed to patch a new zero-day vulnerability in Chrome, identified as CVE-2023-5217 and exploited by a spyware vendor.
Chrome update to address zero-day vulnerabilities exploited by spyware
Google just released a Chrome update to address a new zero-day vulnerability exploited by a commercial spyware vendor. The new stable version 117.0.5938.132 is available for Windows, macOS and Linux.
Major vulnerability in Chrome exploited by a spyware vendor
The most critical vulnerability, identified as CVE-2023-5217, was described as a "heap buffer overflow in vp8 encoding in libvpx." The report was made to the Chrome team just two days before the release of the patch by Clement Lecigne of the Google Threat Analysis Group (TAG).
Chrome zero-day vulnerability exploited by spyware vendor
The vulnerability CVE-2023-5217 was actively exploited. While the spyware vendor that exploited the vulnerability was not specified in Google's advisory, Google TAG researcher Maddie Stone revealed that it is a commercial surveillance vendor. This is the sixth Chrome zero-day fixed by Google in 2023.
Follow us on Threads for more pills like this09/28/2023 11:13
Marco Verro