![]() ![]() For example, Google TAG and Citizen Lab researchers disclosed last Friday that three zero-days fixed by Apple last Thursday were used to install Cytrox's Predator spyware between May and September 2023.Īlthough Google confirmed that the CVE-2023-5217 zero-day has been exploited in attacks, the company has not yet provided further information about these incidents. Google TAG researchers are renowned for frequently discovering and reporting zero-days that are misused in targeted spyware attacks by government-backed threat actors and hacking groups that target high-risk individuals, such as journalists and opposition politicians. This bug was identified by Clément Lecigne, a security researcher from Google's Threat Analysis Group (TAG), on Monday, September 25. ![]() This flaw can lead to consequences ranging from application crashes to arbitrary code execution. The high-risk zero-day vulnerability ( CVE-2023-5217) results from a heap buffer overflow issue in the VP8 encoding of the open-source libvpx video codec library. ![]() The web browser will also automatically check for and install new updates upon the next launch. While the advisory suggests it could take days or weeks for the patched version to reach all users, the update was immediately accessible when checked for updates. The patched vulnerability is included in Google Chrome version 1.132, which is currently being disseminated to Windows, Mac, and Linux users via the Stable Desktop channel. In a security advisory released on Wednesday, Google stated that an exploit for CVE-2023-5217 is known to exist in the wild. Google has issued an urgent security patch for the fifth Chrome zero-day vulnerability that has been actively exploited in attacks since the beginning of 2023. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |