Google has released an urgent security update addressing yet another security flaw in its Chrome browser.
“Google is aware that an exploit for CVE-2023-5217 exists in the wild,” the company said in a security advisory published alongside the release notes for Google Chrome 117.0.5938.132.
This flaw could have allowed criminals to install spyware on victims' devices without their knowledge.
Google Chrome security update
The exploit is the fifth for a zero-day vulnerability in Google Chrome detected since the start of the year, showing that the browser remains a popular target for hackers and cybercriminals.
The CVE Program, which tracks publicly disclosed cybersecurity vulnerabilities, notes that the newly reported issue, classified as CVE-2023-5217, is caused by a heap buffer overflow weakness in the VP8 encoding of the open source libvpx video codec library. Its effects can range from a simple browser crash to hackers carrying out arbitrary code execution and subverting any other security service.
The flaw, which is ranked as high-severity, was reported by Google Threat Analysis Group (TAG) security researcher Clément Lecigne. The company confirmed CVE-2023-5217 has been exploited and used in cyberattacks, but did not share further information regarding these incidents.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google’s security advisory added. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The update is available now for Google Chrome users on Windows, Mac, and Linux, who can download it in the Stable Desktop channel.
It’s the second such incident this month alone, after Google was forced to issue a Chrome update containing multiple emergency security fixes for several reported zero-day vulnerabilities just a few days ago.