🚀 #ChromeSecurityUpdate: Google Thwarts Spyware Vendor Exploiting New Zero-Day 🚀
Google has promptly patched a fresh security flaw in Chrome that was exploited by a commercial spyware vendor. The update, version 117.0.5938.132, rolled out for Windows, macOS, and Linux and addresses ten vulnerabilities. The most critical among them is CVE-2023-5217, described as a "heap buffer overflow in vp8 encoding in libvpx" and reported by Clement Lecigne of Google's Threat Analysis Group. The flaw had already been weaponized in real-world attacks, making it the sixth Chrome zero-day patched in 2023. 🛡️💻
The exploit was used by a commercial surveillance vendor. The activity is reminiscent of a recent operation that delivered Predator spyware to an Egyptian opposition politician using various zero-days and man-in-the-middle (MitM) attacks on mobile devices. 🕵️📱
Source: SecurityWeek
Tags: #CyberSecurity #GoogleChrome #ZeroDay #CVE20235217 #Spyware #CyberAttack #PatchTuesday #InfoSec #VulnerabilityManagement #MitM #RealWorldExploits