CVE-2023-5217 - Google Chromium libvpx Heap Buffer Overflow Vulnerability
Project:Google
Product:Chromium libvpx
Date Added:2023-10-02Due Date:2023-10-23
Vulnerability Name
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Description
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
https://nvd.nist.gov/vuln/detail/CVE-2023-5217
Related News Articles
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacksMarch 12, 2025
Apple fixes zero-day exploited in 'extremely sophisticated' attacksFebruary 11, 2025
Apple fixes this year’s first actively exploited zero-day bugJanuary 28, 2025
Apple fixes two zero-days used in attacks on Intel-based MacsNovember 20, 2024