Chrome users should install the update immediately to protect their browser from potential attacks.

Selecting Menu > Help > About Google Chrome displays the installed version on desktop systems. Chrome performs an update check whenever the page is opened to download and install any update. This happens automatically, but a restart is required to complete the update.

The browser should list the following version after the update: 1.132 for all supported operating systems.

Chrome's 5th 0-day security vulnerability

The release notes provide little information on the vulnerability. It is identified as CVE-2023-5217 and has a severity rating of high. The heap buffer overflow issue in VP8 encoding in libvpx was reported by Clément Lecigne of Google's Threat Analysis Group on September 25, 2023.

Google notes that the issue is exploited in the wild, but does not provide specifics. Another member of Google's Threat Analysis Group revealed on Twitter that 'a commercial surveillance vendor' was using the vulnerability. No specifics are provided, but it suggests that this vendor could use the vulnerability to install spyware on user devices. It is unclear at this point how the vulnerability is exploited and whether it requires an active action on the part of the user or not.