Google released fixes for a new zero-day vulnerability in the Chrome browser on Wednesday. The high-severity issue, tracked as CVE-2023-5217, is a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).
Buffer overflow weaknesses of this kind can be exploited to crash software or execute arbitrary code, which affects the availability and integrity of the program. Clément Lecigne of Google’s Threat Analysis Group (TAG) found and reported the vulnerability on September 25, 2023, and Maddie Stone, a fellow researcher, noted on X (previously Twitter) that a commercial spyware vendor had exploited it to target high-risk users.