Google has issued an urgent update, Chrome version 117.0.5938.132, to address a critical zero-day vulnerability (CVE-2023-5217) affecting Windows, macOS, and Linux systems. The flaw can trigger a buffer overflow in the VP8 codec within the libvpx library, and malicious actors are already exploiting it.
Widespread Impact Across Software and Hardware
The vulnerability is linked to the widely used media encoding system for the WebM file format, co-developed by Google. This puts a broad range of software at risk on major operating systems, including Chrome, Firefox, Skype, VLC, and more. Hardware-associated programs from AMD, NVIDIA, and Logitech may also be susceptible.
Mitigating the Threat
Mozilla has confirmed the presence of the same vulnerability in its Firefox browser, emphasizing the global prevalence of the VP8 WebM format. Mozilla promptly released Firefox version 118.0.1 to address CVE-2023-5217.
NIXsolutions notes that this vulnerability primarily affects media file encoding, potentially sparing programs that exclusively use the libvpx library for decoding.
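As an added example (not part of the original article), the following script checks collected browser version strings against the two fixed versions named above. The host names and inventory lines are constructed sample data, and the assumption is that versions were gathered in the format printed by the browsers' `--version` option.

```python
import re

# Fixed versions as stated in the article (CVE-2023-5217).
FIXED = {
    "Google Chrome": (117, 0, 5938, 132),
    "Mozilla Firefox": (118, 0, 1),
}

# Matches output such as "Google Chrome 117.0.5938.92".
VERSION_RE = re.compile(r"^(Google Chrome|Mozilla Firefox)\s+(\d+(?:\.\d+)*)(\S*)")

def classify(version_output):
    """Return 'patched', 'needs-update' or 'unknown' for one version string."""
    m = VERSION_RE.match(version_output.strip())
    if not m:
        return "unknown"  # product not covered by the article
    product, number, suffix = m.groups()
    if suffix:
        # e.g. "115.3.1esr": the article gives no fixed version for such
        # release channels, so report it for manual review instead of guessing.
        return "unknown"
    installed = tuple(int(p) for p in number.split("."))
    fixed = FIXED[product]
    # Pad both tuples so "118.0" compares as 118.0.0 against 118.0.1.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return "patched" if installed >= fixed else "needs-update"

# Constructed sample inventory: "<host>\t<version output>".
INVENTORY = """\
ws-001\tGoogle Chrome 117.0.5938.132
ws-002\tGoogle Chrome 117.0.5938.92
ws-003\tMozilla Firefox 118.0
ws-004\tMozilla Firefox 118.0.1
ws-005\tMozilla Firefox 115.3.1esr
ws-006\tChromium 117.0.5938.132
"""

def audit(inventory):
    """Map each host in the inventory to its classification."""
    results = {}
    for line in inventory.splitlines():
        host, _, output = line.partition("\t")
        results[host] = classify(output)
    return results

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` run software for which the article states no fixed version; check those against the vendor's own advisory.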