CVE-2023-5217 - Google Chromium libvpx Heap Buffer Overflow Vulnerability

CVE-2023-5217: Google | Chromium libvpx

Date Added:
2023-10-02

Due Date:
2023-10-23

Vulnerability Name: Google Chromium libvpx Heap Buffer Overflow Vulnerability

Description: Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Related News Articles: Apple fixes two zero-days used in attacks on Intel-based MacsNovember 20, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard