Google has released Chrome version 117.0.5938.132, which fixes CVE-2023-5217, a zero-day heap buffer overflow in libvpx. Google took two days to address the vulnerability after it was disclosed, and this is the fifth zero-day fix for Chrome this year. Users are advised to update immediately.
However, Google has not yet disclosed specific details about this vulnerability. The details will be made public once a majority of users have updated to the latest version of Chrome.
In addition to addressing the aforementioned vulnerability, this Chrome version also includes fixes for two other vulnerabilities, namely CVE-2023-5186 and CVE-2023-5187.
Mozilla has also released a Firefox update, version 118.0.1, to fix these vulnerabilities. The update applies to desktop platforms as well as other platforms.
TLDR: Google's latest Chrome update, version 117.0.5938.132, patches a zero-day vulnerability (CVE-2023-5217) involving a heap buffer overflow in libvpx. This marks the fifth zero-day fix of the year. Mozilla has also released a Firefox update (version 118.0.1) to address the same vulnerabilities.