![]() ![]() ![]() The CVSS score for other related vulnerabilities is between 8.8 and 9.6, indicating a critical level of severity. ![]() It was discovered and reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto's Munk School. This flaw allows for arbitrary code execution or can cause the application to crash. The vulnerability CVE-2023-4863 is due to a heap buffer overflow in the WebP image format library. Moreover, Google is aware that an exploit for CVE-2023-5217 exists in the wild. The vulnerability is tracked as CVE-2023-5217. On September 27, Google has released another emergency security update to address a critical vulnerability found in Chrome. This includes Electron-based applications like Signal, 1Password, and software like Honeyview. Users are advised to update their Chrome web browser to version 1.187 (Mac and Linux) and 1.187/.188 (Windows) immediately.Ĭontrary to earlier reports, this critical vulnerability affects not just web browsers but also a wide range of applications that utilise the libwebp library for rendering WebP images. It affects Chrome running on Windows, Mac, and Linux systems and has already been exploited in the wild according to Google. This vulnerability, tracked as CVE-2023-4863, is caused by a WebP heap buffer overflow weakness. Google has released an emergency security update to address a critical vulnerability found in Chrome. - v1.2 - New information regarding the new critical vulnerability CVE-2023-5217.- v1.1 - Additional information related to impacted browsers. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |