Advisory

Patch Chrome, one more time: Google fixes another actively exploited flaw

Take action: Yes, this is becoming ridiculous. Two critical vulnerabilities in two weeks is beyond all expectations. But the cat is out of the bag, and hackers have found ways to exploit these vulnerabilities. So be angry at Google but PLEASE update your browsers.


Learn More

Google released another patch for Chrome and Chromium browsers to address a recently discovered vulnerability that is being actively exploited. Identified as CVE-2023-5217, this high-severity vulnerability is characterized as a heap-based buffer overflow within the VP8 compression format in libvpx, a video codec library developed by Google and the Alliance for Open Media (AOMedia).

Buffer overflow flaws like this one, when exploited, can lead to program crashes or the execution of arbitrary code, significantly impacting the availability and integrity of the affected system.

Google has not disclosed further specifics regarding this vulnerability, except for acknowledging its awareness of the existence of an exploit for CVE-2023-5217 in the wild. This latest discovery adds to the growing number of zero-day vulnerabilities in Google Chrome, totaling five this year.

This patch comes only one week after the patch for the critical flaw in the libwebp image library, originally known as CVE-2023-4863, which was fixed due to active exploitation in the wild and is especially serious considering its widespread attack surface.
