{"id":1817,"date":"2023-10-13T05:11:13","date_gmt":"2023-10-13T05:11:13","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=1817"},"modified":"2023-10-20T12:35:59","modified_gmt":"2023-10-20T12:35:59","slug":"google-releases-patch-for-fifth-actively-exploited-chrome-zero-day-of-2023","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/google-releases-patch-for-fifth-actively-exploited-chrome-zero-day-of-2023\/","title":{"rendered":"Google Releases Patch for Fifth Actively Exploited Chrome Zero-Day of 2023"},"content":{"rendered":"\n

In a swift response to the fifth newly discovered zero-day vulnerability in the Chrome browser, Google has released essential fixes. This high-severity vulnerability, officially designated as – “CVE-2023-5217<\/strong>” and discovered by – “Clement Lecigne<\/strong>” a member of Google’s Threat Analysis Group (TAG), is causing quite a stir in the cybersecurity community.<\/p>\n\n\n\n

CVE-2023-5217 is not just any ordinary vulnerability. It is a heap-based buffer overflow that resides in the VP8 compression format within libvpx, a renowned free software video codec library developed by Google in collaboration with the Alliance for Open Media (AOMedia). <\/em><\/strong><\/p>\n\n\n\n

Such buffer overflow vulnerabilities are notorious for their potential to wreak havoc. The exploitation of heap-based buffer overflow vulnerabilities like CVE-2023-5217 can have far-reaching consequences like – execution of Arbitrary code, impact on availability and integrity of the affected system, and program crashes.<\/p>\n\n\n\n

Unfortunately, this vulnerability didn’t go ignored by cybercriminals. Maddie Stone, a fellow researcher, revealed on social media that a commercial spyware vendor had exploited CVE-2023-5217 to target high-risk individuals. This underscores the critical need for prompt action. <\/p>\n\n\n\n

While Google acknowledges the existence of an exploit for CVE-2023-5217 in the wild, they have not provided additional details at the time. However, their quick response in releasing fixes is commendable.<\/p>\n\n\n\n

The discovery of CVE-2030-5217 marks the fifth zero-day vulnerability in Google Chrome this year. Let’s recap the challenges that Chrome has faced:<\/em><\/strong><\/p>\n\n\n\n