
Known Exploit Vulnerability - Google Chrome libvpx Heap Buffer Overflow - 20231004001

Overview

The WA SOC has observed a heap buffer overflow in Video Processor 8 (vp8) encoding, an open video compression format, in libvpx, a free software video codec library. In Google Chrome, it allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

What is the vulnerability?

CVE-2023-5217 - CVSS v3 Base Score: 8.8

What is vulnerable?

The vulnerability affects the following Google products:

  • Google Chrome prior to 117.0.5938.132
  • Google libvpx prior to 1.13.1
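
An added example, not part of the WA SOC advisory: a Python check of reported version strings against the two fixed versions listed above. Versions are compared numerically, because a plain string comparison would rank 117.0.5938.92 above 117.0.5938.132. The inventory rows, hostnames and function names are constructed for illustration.

```python
import re

# Fixed versions taken from the advisory's "What is vulnerable?" list.
FIXED = {
    "chrome": (117, 0, 5938, 132),
    "libvpx": (1, 13, 1),
}

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text):
    """Extract the first dotted version from text such as
    'Google Chrome 117.0.5938.92' or 'v1.13.0' as a tuple of ints."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def _pad(version, width):
    """Right-pad with zeros so (1, 13) compares as (1, 13, 0)."""
    return version + (0,) * (width - len(version))


def is_vulnerable(product, version_text):
    """True if the reported version is lower than the fixed version."""
    fixed = FIXED[product]
    found = parse_version(version_text)
    width = max(len(fixed), len(found))
    return _pad(found, width) < _pad(fixed, width)


def triage(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "chrome", "Google Chrome 117.0.5938.92"),
    ("ws-002", "chrome", "Google Chrome 117.0.5938.132"),
    ("ws-003", "chrome", "Google Chrome 118.0.5993.70"),
    ("media-01", "libvpx", "v1.13.0"),
    ("media-02", "libvpx", "1.13.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE):
        print(f"{host}: {product} {version!r} is below the fixed version")
```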

What has been observed?

Google is aware that an exploit for CVE-2023-5217 exists in the wild. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours (refer to Patch Management):

Additional References