Google Fixes Actively Exploited Zero-day Vulnerability : Patch Now!


Google Chrome version 117.0.5938.132 for Windows, Mac, and Linux has been set to release with multiple bug fixes and features. As per Google, this new version will be rolled out in a few weeks or days.

Previously, Google has fixed multiple vulnerabilities in Chrome version 117.0.5938.62, which were associated with Insufficient policy enforcement, Inappropriate Implementation of Prompts, Inputs, Intents, and much more.



Document

FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware


Google Chrome Zero-day

As per the release from Google Chrome, 10 security fixes were issued along with three high-severity vulnerabilities as part of this release. The vulnerabilities were CVE-2023-5217, CVE-2023-5186, and CVE-2023-5187. The severity of these vulnerabilities is being analyzed for categorization by the National Vulnerability Database (NVD).

However, CVE-2023-5217 is known to have been exploited in the wild. This was a Heap buffer overflow vulnerability that existed in the vp8 encoding in libvpx. Google provided no further information about this vulnerability. 

CVE-2023-5186 was a Use-after-free condition in the Passwords, and CVE-2023-5187 was another Use-after-free condition in Extensions of Google Chrome. 

Proof of concept is not yet publicly available for these vulnerabilities. However, as for the rewards, CVE-2023-5187 has been rewarded with $2000, whereas the other two vulnerabilities’ reward details were yet to be released by Google. In addition to this, several internal audits and fuzzing-related fixes were also done as part of this release. 

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” reads the security release by Google.

Users of Google Chrome are recommended to upgrade to the latest version of Google Chrome to prevent these vulnerabilities from getting exploited by threat actors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.



Source link