Reportedly, the weakness lies in the VP8 encoding part of the library. The open source video codec library libvpx serves as the reference software implementation for the VP8 and VP9 video coding formats. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation. The program can request blocks of memory for its use within the heap. The heap is an area of memory made available for use by the program. In software exploit code, two common areas that are targeted for overflows are the stack and the heap. The zero-day patched in this update is listed as CVE-2023-5217, which is described as a heap buffer overflow in vp8 encoding in libvpx.Ī buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. However, from the update page we can learn a few things. Access to bug details and links may be kept restricted until a majority of users are updated with a fix. Google never gives out a lot of information about vulnerabilities, for obvious reasons. Then all you have to do is relaunch the browser in order for the update to complete.Īfter the update, the version should be 1.132 for Windows, or later. If there is an update available, Chrome will notify you and start downloading it. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking Settings > About Chrome. And now would be a good time, given the severity of the vulnerabilities in this batch. So, it doesn’t hurt to check now and then. But you can end up lagging behind if you never close the browser or if something goes wrong-such as an extension stopping you from updating the browser. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. According to Google there is an active exploit for one of the patched vulnerabilities, which means cybercriminals are aware of the vulnerability and are using it. Google has updated the Stable Channel for Chrome to 1.132 for Windows, Mac and Linux.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |