From thehackernews.com
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser.
Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).
Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting its availability and integrity.
Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals.