In a proactive move to ensure the digital security of Chrome browser users, Google has announced the resolution of the security vulnerability CVE-2023-5217 in its latest security updates. This is the fifth vulnerability discovered in Chrome since the beginning of the year with instances of exploitation in various cyberattacks.
The vulnerability has been addressed in Chrome version 117.0.5938.132, which has been released globally for Windows and Linux users through the stable channel. Although Google anticipated that it might take some time for the update to reach all users, it was promptly made available to many.
The high-severity CVE-2023-5217 vulnerability stems from a buffer overflow in VP8 encoding in the open-source libvpx video encoding library. Its impact ranges from application crashes to the execution of arbitrary code.
The company was alerted to this vulnerability by information security engineer Clément Léaustic, who works with Google’s Threat Analysis Group. This group frequently identifies and reports zero-day vulnerabilities that are exploited by state-sponsored threat actors in highly targeted attacks, often directed at individuals such as journalists, opposition politicians, and global dissidents.
Collaborating with researchers from Citizen Lab, Google’s Threat Analysis Group also disclosed that three other vulnerabilities were addressed by Apple in a recent update. These vulnerabilities were similarly exploited to install the Predator spyware, developed by Cytrox, during the period from May to September 2023.
Current Chrome browser users are encouraged to rely on the automatic updates performed by the browser to ensure they have the latest versions and maintain secure online usage.