Google has released an emergency update for the Google Chrome browser, version 117.0.5938.132, for the Windows, macOS and Linux operating systems. It is intended to resolve a critical zero-day vulnerability, identified as CVE-2023-5217, that leads to a buffer overflow in the VP8 codec in the libvpx library. Hackers are already exploiting this vulnerability.
According to Google's security research, the vulnerability is related to the popular media encoding system for the open WebM file format, which Google helped develop. This can leave a wide range of programs vulnerable to attack, from Chrome and Firefox to Skype and VLC, on virtually all major operating systems, as well as programs associated with hardware from AMD, NVIDIA and Logitech.
Ars Technica reported that Mozilla has already confirmed that the Firefox browser has the same vulnerability, noting that the VP8 WebM format is used in so many software programs around the world that it could become a serious problem. Firefox 118.0.1, an update that fixes CVE-2023-5217, has already been released.
As PCWorld noted, this particular vulnerability appears to exist only when media files are encoded rather than decoded, so the list of affected programs may not necessarily include all programs that use the libvpx library.