Google Chrome Heap-Based Buffer Overflow Vulnerability added to CISA Known Exploited Catalog - 20230914003
Overview
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
What is the vulnerability?
CVE-2023-4863 - CVSS v3 Base Score: N/A
What is vulnerable?
The vulnerability exists in the following products:
- Google Chrome prior to 116.0.5845.187
What has been observed?
CISA added this vulnerability to its Known Exploited Vulnerabilities catalog on September 13 2023. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of two weeks... (refer Patch Management):