Google Addresses Critical Vulnerability Affecting Web Browsers
Date | Source | Link |
---|---|---|
September 2023 | Google Blog | “https://chromereleases.googleblog.com/2023/09/stable-Channel-uPdate-desktop_11whichiseliminatedby<ahref=” |
Google has recently released an update addressing a critical vulnerability in web browsers. The vulnerability, identified as CVE-2023-4863, allows attackers to bypass browser protection measures and execute malicious code on the system, outside the Sandbox-detachment.
The specific details of the vulnerability have not been disclosed yet. However, it is known that the vulnerability is caused by a buffer overflow in the WebP image format processor. By exploiting this vulnerability, attackers can execute their code when processing specially designed WebP images. The severity of the vulnerability is further compounded by the existence of a working exploit already being utilized by attackers (0-day).
The impact of this critical vulnerability extends beyond Google’s Chrome browser. Recent changes observed in the libwebp repository and information from error tracks in Debian and SUSE indicate that the vulnerability also affects the libwebp library used to support the WebP format in the Chromium engine. This means that other