Google has released Chrome Version 117.0.5938.132 for Mac, Linux, and Windows to address several security vulnerabilities, including a zero-day vulnerability (CVE-2023-5217).

According to the official site for Chrome updates, “Google is aware of reports that an exploit for CVE-2023-5217 exists in the wild”.

_____________________________

A. Nature of Vulnerabilities

CVE-2023-5217

  • Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-09-25

CVE-2023-5186

  • Use after free in Passwords. Reported by [pwn2car] on 2023-09-05

CVE-2023-5187

  • Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

_____________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Review and apply the necessary update to mitigate future threats.
    • Go to Chrome Settings > Help > About Google Chrome
  • For additional information, kindly refer to the official report
    • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html