New Zero-Day Flaw Exploited by Attackers in Google Chrome – Update Your Browser Now!
Google is rolling out security fixes to its popular Chrome browser across a variety of platforms. One particular flaw is said to be under exploitation in the wild amid a new wave of spyware attacks.
This month, security researchers at The Citizen Lab, Apple and Google brought to light a new wave of mercenary spyware attacks targeting iOS, Android and the Google Chrome web browser.
Until yesterday, Chrome was suffering from a security flaw discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG) being exploited in the wild.
The vulnerability, tracked as CVE-2023-5217, is a heap buffer overflow in vp8 encoding in the video codec library “libvpx,” and has a High severity rating, with Google noting it is “aware” that an exploit for this security hole “exists in the wild.”
As highlighted by Bleeping Computer, Google TAG’s Maddie Stone revealed in a post on X (formerly Twitter) that CVE-2023-5217 was indeed exploited as a zero-day flaw to install spyware on devices running vulnerable versions of Chrome.
Two more high-severity flaws are also addressed in this release, with Google saying that all fixes deployed in the desktop version of Chrome have also been implemented in the mobile version of the browser on Android devices.
iOS customers are also treated to a new version of Chrome this week packing the usual “stability and performance improvements.” While iOS itself has been heavily targeted with spyware, the iOS version of Chrome remains unaffected by these targeted attacks.
Whether you’re running Windows, macOS or Linux, your desktop Chrome browser should be at version 117.0.5938.132 to address these newfound weaknesses. If your browser hasn’t updated itself automatically, visit the Settings menu, click About Chrome, and let the browser fetch the update for you, then restart Chrome to install the patch.
As always, Bitdefender strongly recommends that users on all platforms deploy a dedicated security solution to fend off the wider array of cyber threats in today’s threat landscape.